mlohnen
Explorer

Unable to connect with smartconsole R80.10 but can connect with R77.30

Hi,

Since we've updated our 4800 to 80.10 I have this strange problem that I cannot connect with SmartConsole R80.10 but I can connect with SmartConsole R77.30, but then I'm not able to change everything (firewall rules/policies for example).

I'm able to reach the 4800 in every other way, SSH, webUI, no problems.

Checked out this forum and searched on Google, but cannot find this problem or a solution for it.

All services needed are up and running.

Any ideas?

Thanks!

Marco

0 Kudos
8 Replies
Tal_Paz-Fridman
Employee

Hi 

What message do you receive when trying to connect with the SmartConsole to the R80.10 machine?

Did you upgrade recently to R80.10? Why not to R80.30?

Thanks

Tal

0 Kudos
mlohnen
Explorer

I just get 'unable to connect to server'.

Updated to 80.10 about 8 months ago, can't really remember if I was able to use smartconsole before after updating 😉

Didn't need to make any changes until lately..

0 Kudos
Maarten_Sjouw
Champion

Looks like there is a communication error with port 19009, do you have any other FW between the SmartConsole and the gateway? Windows FW?
Regards, Maarten
0 Kudos
mlohnen
Explorer

I'm in a management VLAN that's supposed to have no restrictions.

Does the Check Point itself always accept requests on port 19009?
Windows firewall is disabled.

What would be the trick to open this port to this VLAN using the CLI, maybe I can try that.

0 Kudos
PhoneBoy
Admin

You should check with tcpdump that the system is receiving traffic from the client on port 19009.
Implied rules should allow the relevant access.
0 Kudos
Tal_Paz-Fridman
Employee

This error can be a result of several issues. There are SKs on the matter that might help:

sk137332 "Unable to connect to server" error when trying to connect SmartConsole

sk139552 Troubleshooting "Unable to connect to server. Please make sure that all processes of the server are up and running" SmartConsole error

sk115599 "Unable to connect to server" error on R80.XX SmartConsole during login attempt failure

I would start by checking that all the processes are up and running (cpwd_admin list)
0 Kudos
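An added example, not written by anyone in this thread: one way to turn the `cpwd_admin list` check suggested above into a pass/fail filter. The function name, the sample lines and the choice of CPD, FWM and CPM as required entries are assumptions made for the illustration.

```shell
#!/bin/bash
# Added example: list the watchdog entries that need attention in `cpwd_admin list` output.
# STAT "E" means executing and "T" means terminated; #START counts how often the
# watchdog has started the process, so a value above 1 means it was restarted.

cpwd_problems() {
  # stdin: `cpwd_admin list` output; arguments: APP names that must be present.
  awk -v need="$*" '
    $1 == "APP" && $2 == "PID" { next }          # header row
    NF >= 4 {
      seen[$1] = 1
      if ($3 != "E")       printf "%s stat=%s\n", $1, $3
      else if ($4 + 0 > 1) printf "%s restarts=%d\n", $1, $4 - 1
    }
    END {
      n = split(need, want, " ")
      for (i = 1; i <= n; i++)
        if (!(want[i] in seen)) printf "%s missing\n", want[i]
    }'
}

# Constructed sample (not taken from the thread): FWM was restarted twice,
# CPM is terminated, and there is no CPD line at all.
SAMPLE_CPWD='APP PID STAT #START START_TIME MON COMMAND
FWD 9908 E 1 [14:19:37] 20/4/2020 N fwd
FWM 9911 E 3 [14:19:37] 20/4/2020 N fwm
CPM 0 T 0 [14:19:42] 20/4/2020 N /opt/CPsuite-R80/fw1/scripts/cpm.sh -s'

printf '%s\n' "$SAMPLE_CPWD" | cpwd_problems CPD FWM CPM
# On the management server: cpwd_admin list | cpwd_problems CPD FWM CPM
```

No output means every listed process is executing, none has been restarted, and all the named entries are present.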
mlohnen
Explorer

I ran the scripts to see if everything is up and running:

[Expert@fwmgmt01:0]# $MDS_FWDIR/scripts/cpm_status.sh
Check Point Security Management Server is running and ready
[Expert@fwmgmt01:0]# $MDS_FWDIR/scripts/server_status.sh
Checking server status. Please wait...
SLF4J: Class path contains multiple SLF4J bindings.
SLF4J: Found binding in [jar:file:/opt/CPsuite-R80/fw1/cpm-server/slf4j-log4j12-1.6.1.jar!/org/slf4j/impl/StaticLoggerBinder.class]
SLF4J: Found binding in [jar:file:/opt/CPsuite-R80/fw1/cpm-server/activemq-all-5.9.0.jar!/org/slf4j/impl/StaticLoggerBinder.class]
SLF4J: See http://www.slf4j.org/codes.html#multiple_bindings for an explanation.
SLF4J: Actual binding is of type [org.slf4j.impl.Log4jLoggerFactory]
Enabling local sic. Setting cp.ssl_local.certificate.check=local
Starting to configure logging options
Server is up and ready to receive connections
[Expert@fwmgmt01:0]#

[Expert@fwmgmt01:0]# cpwd_admin list
APP PID STAT #START START_TIME MON COMMAND
CPVIEWD 9526 E 1 [14:19:23] 20/4/2020 N cpviewd
CPD 9543 E 1 [14:19:23] 20/4/2020 Y cpd
MPDAEMON 9567 E 1 [14:19:25] 20/4/2020 N mpdaemon /opt/CPshrd-R80/log/mpdaemon.elg /opt/CPshrd-R80/conf/mpdaemon.conf
CI_CLEANUP 9885 E 1 [14:19:37] 20/4/2020 N avi_del_tmp_files
CIHS 9887 E 1 [14:19:37] 20/4/2020 N ci_http_server -j -f /opt/CPsuite-R80/fw1/conf/cihs.conf
FWD 9908 E 1 [14:19:37] 20/4/2020 N fwd
FWM 9911 E 1 [14:19:37] 20/4/2020 N fwm
CPM 10178 E 1 [14:19:42] 20/4/2020 N /opt/CPsuite-R80/fw1/scripts/cpm.sh -s
LPD 10859 E 1 [14:19:51] 20/4/2020 N lpd
RAD 10882 E 1 [14:19:52] 20/4/2020 N rad
MFDEMUXER 12356 E 1 [14:20:33] 20/4/2020 N /opt/CPcvpn-R80/bin/MoveFileDemuxer /opt/CPcvpn-R80/log/MFDemux.log /opt/CPcvpn-R80/conf/mfdemuxer.C
DBWRITER 12360 E 1 [14:20:33] 20/4/2020 N dbwriter /opt/CPcvpn-R80/log/dbwriter.elg /opt/CPcvpn-R80/conf/dbwriter.C
CVPNPROC 12364 E 1 [14:20:33] 20/4/2020 N cvpnproc /opt/CPcvpn-R80/log/cvpnproc.elg /opt/CPcvpn-R80/conf/cvpnproc.C
MFSERVER 12370 E 1 [14:20:33] 20/4/2020 N /opt/CPcvpn-R80/bin/MoveFileServer /opt/CPcvpn-R80/log/MFServer.log /opt/CPcvpn-R80/conf/mfserver.C
CVPNUMD 12377 E 1 [14:20:33] 20/4/2020 N /opt/CPcvpn-R80/bin/CvpnUMD
PINGER 12383 E 1 [14:20:33] 20/4/2020 N /opt/CPcvpn-R80/bin/Pinger /opt/CPcvpn-R80/log/Pinger.log /opt/CPcvpn-R80/conf/Pinger.C
IDLEPINGER 12396 E 1 [14:20:33] 20/4/2020 N /opt/CPcvpn-R80/bin/IdlePinger /opt/CPcvpn-R80/log/IdlePinger.log /opt/CPcvpn-R80/conf/IdlePinger.C
CVPND 12605 E 1 [14:20:33] 20/4/2020 N cvpnd /opt/CPcvpn-R80/log/cvpnd.elg /opt/CPcvpn-R80/conf/cvpnd.C
RFL 26845 E 1 [14:21:13] 20/4/2020 N LogCore
SMARTVIEW 26862 E 1 [14:21:13] 20/4/2020 N SmartView
INDEXER 26893 E 1 [14:21:14] 20/4/2020 N /opt/CPrt-R80/log_indexer/log_indexer
SMARTLOG_SERVER 26959 E 1 [14:21:14] 20/4/2020 N /opt/CPSmartLog-R80/smartlog_server
DASERVICE 27261 E 1 [14:21:20] 20/4/2020 N DAService_script
AUTOUPDATER 27272 E 1 [14:21:20] 20/4/2020 N AutoUpdaterService.sh
CPSM 12115 E 1 [14:23:35] 20/4/2020 N cpstat_monitor

[Expert@fwmgmt01:0]# $FWDIR/scripts/cpm_status.sh | grep --color ready
Check Point Security Management Server is running and ready

0 Kudos
PhoneBoy
Admin

The reason you can connect with SmartDashboard even in R80.x is that some functions in R80.x still require SmartDashboard.
Confirm with tcpdump that packets on tcp port 19009 are reaching the management server.
0 Kudos
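An added example, not written by anyone in this thread: a filter that reads the text output of the tcpdump check on TCP port 19009 suggested in the replies above and says which side of the connection to look at next. The function name, the verdict labels and the capture lines (documentation addresses) are assumptions made for the illustration.

```shell
#!/bin/bash
# Added example: summarise what a tcpdump text capture says about TCP port 19009.
# Capture on the management server while SmartConsole tries to log in, e.g.:
#   tcpdump -nn -i any -c 20 'tcp port 19009' | classify_capture 19009

classify_capture() {
  # stdin: tcpdump -nn text output; $1: server port (default 19009).
  awk -v port="${1:-19009}" '
    {
      src = ""; dst = ""; flags = ""
      # Find the "IP" token; some tcpdump builds print interface/direction before it.
      for (i = 1; i <= NF - 3; i++)
        if ($i == "IP") { src = $(i + 1); dst = $(i + 3); break }
      if (src == "") next
      sub(/:$/, "", dst)
      if (match($0, /Flags \[[^]]*\]/))
        flags = substr($0, RSTART + 7, RLENGTH - 8)
      to_srv   = (dst ~ ("\\." port "$"))
      from_srv = (src ~ ("\\." port "$"))
      if (to_srv && flags == "S")    syn++      # client opens a connection
      if (from_srv && flags == "S.") synack++   # server accepts it
      if (from_srv && flags ~ /R/)   rst++      # server side resets it
    }
    END {
      if (!syn)        print "no-syn"           # nothing arrives: check the path to the server
      else if (synack) print "handshake"        # TCP works: check the login/application layer
      else if (rst)    print "reset"            # RST comes back: port closed or rejected
      else             print "syn-unanswered"   # arrives, no reply: local drop or return path
    }'
}

# Constructed capture (not from the thread): the client retries its SYN, nothing answers.
SAMPLE_CAPTURE='14:25:01.100001 IP 192.0.2.10.51234 > 192.0.2.1.19009: Flags [S], seq 1000, win 64240, length 0
14:25:02.100002 IP 192.0.2.10.51234 > 192.0.2.1.19009: Flags [S], seq 1000, win 64240, length 0
14:25:04.100003 IP 192.0.2.10.51234 > 192.0.2.1.19009: Flags [S], seq 1000, win 64240, length 0'

printf '%s\n' "$SAMPLE_CAPTURE" | classify_capture 19009
```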
