This website uses Cookies. Click Accept to agree to our website's cookie use as described in our Privacy Policy. Click Preferences to customize your cookie settings.
Accept
Reject
Preferences
ABOUT CHECKMATES CYBER SECURITY COMMUNITY & FAQ
Create a Post
Help
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

Are you a member of CheckMates?

×
Sign in with your Check Point UserCenter/PartnerMap account to access more great content and get a chance to win some Apple AirPods! If you don't have an account, create one now for free!
vinceneil666
Advisor
‎2021-02-18 07:44 AM

What is the docker stuff in my R81 management ?

Hi,

What is the docker container running on my R81 ? And - what can I use docker for on my sms ? - "anything?" future plans ? 

Edited output of  'docker container ls' from my sms:
...mwc:latest "node index.js" 2 months ago Up 10 days mwc....

0 Kudos
11 Replies
PhoneBoy
Admin
Admin
‎2021-02-18 09:54 AM

Future functionality will leverage Docker.
The first thing you’ll see is the web-based SmartConsole.
You will also see Docker appear in R80.40 JHF.

As to whether you will be able to leverage it for your own needs, probably not.

Vladimir
Champion
Champion
‎2021-02-18 10:04 AM
In response to PhoneBoy

Wouldn't guacamole be deployed as a container?

0 Kudos
vinceneil666
Advisor
‎2021-02-18 11:34 AM
In response to Vladimir

As far as I know, it (guac) will be deployed as a container, but on a standalone server running docker... But very interesting - could you run the container on the SMS ? .

0 Kudos
Vladimir
Champion
Champion
‎2021-02-18 11:44 AM
In response to vinceneil666

That's what I've heard, but from my perspective, it'll make more sense to run it internally, especially, if there are already Docker capabilities built-in.

It may even make more sense for CP to release a stand-alone Gaia image with Guacamole baked in for this particular purpose.

Not all organizations have containers running in their environments, but nearly all could benefit from clienteles RDP and SSH (and may be more HTML5 app) capabilities.

Keeping a lid on security aspects of this implementation, reducing 3rd party dependency and reinforcing branding seems like a good deal to me.

If developed further, it should also make it easier to compete against Pulse Secure.

0 Kudos
vinceneil666
Advisor
‎2021-02-18 11:56 AM
In response to Vladimir

I will try running it in my lab enviroment... and just see what happens. I have not worked with guacamole at all - but it looks cool. I see that only 20 minutes ag there was an update here on Check Mates on it to.. they have done som changes to it that should improve issues with resources etc.

0 Kudos
Vladimir
Champion
Champion
‎2021-02-18 02:01 PM
In response to vinceneil666

Good luck, but I do not think you can (or should), be able to run unsanctioned container on SMS.

0 Kudos
G_W_Albrecht
Legend Legend
Legend
‎2021-02-19 12:57 AM

About documentation:

sk168365: Configure Docker Engine to a different subnet

In sk170114: Jumbo Hotfix Accumulator for R81 (R81_jumbo_hf) we find under resolved issues for JT_13:

- Gaia OS: "Docker0" bridge interface with assigned IP address from class B private pool may appear in the system, causing routing issues.

- Endpoint Security: UPDATE: Updated Endpoint Web Docker Image.

CCSP - CCSE / CCTE / CTPS / CCME / CCSM Elite / SMB Specialist
0 Kudos
Tomer_Noy
Employee
Employee
‎2021-02-19 05:45 AM
In response to G_W_Albrecht

Following feedback from the field on potential routing issues with the docker0 interface, we modified the implementation and it will no longer exist.

This was done in R81 JHF take 10. The JHF takes are still ongoing, but anyone with this issue can install the latest.

https://supportcenter.checkpoint.com/supportcenter/portal?eventSubmit_doGoviewsolutiondetails=&solut... (PRJ-19150)

0 Kudos
Edgar-van-Rhee
Explorer
‎2024-01-11 11:30 PM
In response to G_W_Albrecht

Good Morning,

We suddenly experience the routing issue as well... I has been working perfectly for some time in Azure, but just lately (3 days ago) suddenly we were not able to access part of out firewall using the 172.17.0.0/24 ip range.

 

Routing table show :

172.17.0.0/16 dev docker0 proto kernel scope link src 172.17.0.1

 

We are using the latest R80.40 management station in Azure.

How can we resolve this easy (with doing the whole update sequence) and why is this suddenly active ?

Best regards

Ed

 

 

 

0 Kudos
Edgar-van-Rhee
Explorer
‎2024-01-11 11:58 PM
In response to Edgar-van-Rhee

Solution was there, could not find it ..

 

Solution

You can configure the default bridge network by providing the bip option along with the desired subnet in the daemon.json (default location at /etc/docker/daemon.json on Gaia OS) file as follows:

{"bip": "192.168.200.1/30"}

Then restart the docker daemon by running following commands in expert mode:

[Expert@HostName]# service docker_manager restart
0 Kudos
_Val_
Admin
Admin
‎2021-02-19 02:04 AM

Web console Front-end

0 Kudos

Leaderboard

Epsum factorial non deposit quid pro quo hic escorol.

View All ≫
Upcoming Events

    Sort by:
    CheckMates Events