This website uses Cookies. Click Accept to agree to our website's cookie use as described in our Privacy Policy. Click Preferences to customize your cookie settings.
Accept
Reject
Preferences
ABOUT CHECKMATES & FAQ
Create a Post
Help
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

Are you a member of CheckMates?

×
Sign in with your Check Point UserCenter/PartnerMap account to access more great content and get a chance to win some Apple AirPods! If you don't have an account, create one now for free!
HeikoAnkenbrand
Champion Champion
Champion
‎2023-05-02 04:32 AM

Web Server Space for SmartConsole Extensions

I have programmed some interesting SmartConsole Extensions in the last few weeks:

- Add and Delete Gateway Routes central from SmartConsole

- Execute Commands
   - Execute CLI commands on all gateways simultaneously
   - Execute CLI commands on selected gateways simultaneously
   - Execute CLI commands on all Maestro SGMs simultaneously
   - Get and Push GAIA CLISH Configs 

- Ticket System - SmartConsole Extension 

- R8x - Ports Used for Communication by Various Check Point Modules - SmartConsole Extension

Now I have the problem that I have about 1000 - 1500 users who use these extensions per day.
This means I have about 500 000 web accesses a day, which download about 100 KByte, so every day 5 GByte of traffic is generated.

This reaches the capacity limits on my private web server.


Is there a possibility to host this via Check Point?

➜ CCSM Elite, CCME, CCTE
3 Replies
Danny
Champion Champion
Champion
‎2023-05-02 05:31 AM

Check Point is not a file hosting company.
There are various options you may want to consider:

  • Advice your users to download and copy your files into the /etc/hcp/smc_ext/ folder of their SmartCenter Server (SCS) and run it from there (example)
  • Advice your users to copy your files onto a local web server and run it from there
  • Host your files on trusted code sharing platforms, such as GitHub
  • User code compressors to minify the code of your files in order to save web traffic
  • Re-think your last extension that simply loads a 0.5mb pixel image (ports.jpg).
    A SVG would be much smaller and stays sharp when the end user zooms in.
HeikoAnkenbrand
Champion Champion
Champion
‎2023-05-02 05:49 AM
In response to Danny

Hi @Danny,

GitHub did not work, because the raw link does not work with SmartConsole extensions.
Something is always modified here that the SmartConsole cannot process.

If anyone has an idea how this could work with GitHub, I would be happy.
Unfortunately, I couldn't get it right.

➜ CCSM Elite, CCME, CCTE
0 Kudos
HeikoAnkenbrand
Champion Champion
Champion
‎2023-05-02 07:42 AM
In response to Danny

Hi @Danny,


CUT>>>
Advice your users to download and copy your files into the /etc/hcp/smc_ext/ folder of their SmartCenter Server (SCS) and run it from there (example)
<<<CUT

Unfortunately, this no longer works with R81.20. Here, the start script was more restrictive. This means that you cannot start any third-party extensions in this directory. 

CUT start script /etc/init.d/hcp_ext >>>
  ...
  install -m 660 -o cp_extensions -g bin /etc/hcp/smc_ext/index.html $HCP_PATH/ > /dev/null 2>&1
  install -m 660 -o cp_extensions -g bin /etc/hcp/smc_ext/extension.json $HCP_PATH/ > /dev/null 2>&1
  ...

  install -m 660 -o cp_extensions -g bin /etc/hcp/smc_ext/js/* $HCP_PATH/js/ > /dev/null 2>&1
  ...
<<< CUT

Solution:
- Modify the start script if necessary. But I would not do this for support reasons.
- Or use a different subdirectory for example /etc/hcp/smc_ext/js/. Here "*" was used in the start script.
   But it's also not a good solution if Check Point makes this more restrictive in the future.

PS:
I would set the directories more restrictively and not set an asterisk.
I have been using this since about 2021 to copy files from the firewall or SMS via the browser when winscp does not work;-)

➜ CCSM Elite, CCME, CCTE
0 Kudos

Leaderboard

Epsum factorial non deposit quid pro quo hic escorol.

View All ≫
Upcoming Events

    CheckMates Events