- CheckMates
- :
- Products
- :
- General Topics
- :
- Re: What is the docker stuff in my R81 management ...
- Subscribe to RSS Feed
- Mark Topic as New
- Mark Topic as Read
- Float this Topic for Current User
- Bookmark
- Subscribe
- Mute
- Printer Friendly Page
Are you a member of CheckMates?
×- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
What is the docker stuff in my R81 management ?
Hi,
What is the docker container running on my R81 ? And - what can I use docker for on my sms ? - "anything?" future plans ?
Edited output of 'docker container ls' from my sms:
...mwc:latest "node index.js" 2 months ago Up 10 days mwc....
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Future functionality will leverage Docker.
The first thing you’ll see is the web-based SmartConsole.
You will also see Docker appear in R80.40 JHF.
As to whether you will be able to leverage it for your own needs, probably not.
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Wouldn't guacamole be deployed as a container?
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
As far as I know, it (guac) will be deployed as a container, but on a standalone server running docker... But very interesting - could you run the container on the SMS ? .
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
That's what I've heard, but from my perspective, it'll make more sense to run it internally, especially, if there are already Docker capabilities built-in.
It may even make more sense for CP to release a stand-alone Gaia image with Guacamole baked in for this particular purpose.
Not all organizations have containers running in their environments, but nearly all could benefit from clienteles RDP and SSH (and may be more HTML5 app) capabilities.
Keeping a lid on security aspects of this implementation, reducing 3rd party dependency and reinforcing branding seems like a good deal to me.
If developed further, it should also make it easier to compete against Pulse Secure.
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
I will try running it in my lab enviroment... and just see what happens. I have not worked with guacamole at all - but it looks cool. I see that only 20 minutes ag there was an update here on Check Mates on it to.. they have done som changes to it that should improve issues with resources etc.
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Good luck, but I do not think you can (or should), be able to run unsanctioned container on SMS.
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
About documentation:
sk168365: Configure Docker Engine to a different subnet
In sk170114: Jumbo Hotfix Accumulator for R81 (R81_jumbo_hf) we find under resolved issues for JT_13:
- Gaia OS: "Docker0" bridge interface with assigned IP address from class B private pool may appear in the system, causing routing issues.
- Endpoint Security: UPDATE: Updated Endpoint Web Docker Image.
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Following feedback from the field on potential routing issues with the docker0 interface, we modified the implementation and it will no longer exist.
This was done in R81 JHF take 10. The JHF takes are still ongoing, but anyone with this issue can install the latest.
https://supportcenter.checkpoint.com/supportcenter/portal?eventSubmit_doGoviewsolutiondetails=&solut... (PRJ-19150)
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Good Morning,
We suddenly experience the routing issue as well... I has been working perfectly for some time in Azure, but just lately (3 days ago) suddenly we were not able to access part of out firewall using the 172.17.0.0/24 ip range.
Routing table show :
172.17.0.0/16 dev docker0 proto kernel scope link src 172.17.0.1
We are using the latest R80.40 management station in Azure.
How can we resolve this easy (with doing the whole update sequence) and why is this suddenly active ?
Best regards
Ed
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Solution was there, could not find it ..
Solution
{"bip": "192.168.200.1/30"}
Then restart the docker daemon by running following commands in expert mode:
[Expert@HostName]# service docker_manager restart
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Web console Front-end
![](/skins/images/84DAB6BD358ECB13CE1094473F6E2961/responsive_peak/images/icon_anonymous_message.png)