Create a Post
cancel
Showing results for 
Search instead for 
Did you mean: 
Not applicable
Jump to solution

I have installed the ISO and dashboard console but i am unable to communicate R80 server using console


I get CERTIFICATE NOT VALID YET ERROR ON SMART CONSOLE ?

any suggestion would be good.

I have to do a demo on this to partners next week

0 Kudos
1 Solution

Accepted Solutions
Roman_Safonov
Explorer

I had a connectivity problem with Smart Console till I increased RAM to 4GB.

View solution in original post

10 Replies
Timothy_Hall
Champion
Champion

Check your time/date on the R80 Mgmt server vs. the workstation running SmartConsole.  My guess is that the clock on the R80 Mgmt server is incorrectly set in the distant future or past.  If using VMWare the time/date can be a constant problem since it steals processing cycles and can cause substantial clock drift in the guest VMs; setting up NTP is strongly recommended to keep this from happening.

--

My book "Max Power: Check Point Firewall Performance Optimization"

now available via http://maxpowerfirewalls.com.

Gateway Performance Optimization R81.20 Course
now available at maxpowerfirewalls.com
Tobias_Mauer
Explorer

I think you are right. Probably wrong timezone and set to the future

0 Kudos
Not applicable

Error still seems to be there Smiley Sad

I have set the same time zone for both console machine and CLI on SMS.

After entering user name/password, I get some weird html code

name="others" content="WEBUI LOGIN PAGE"  /><TITLE>Gaia</TITLE>

<link rel="shortcut icon" href="https://community.checkpoint.com/login/fav.ico">

<link rel="stylesheet" type="text/css" href="https://community.checkpoint.com/login/ext-all.css" />

<link rel="stylesheet" type="text/css" href="https://community.checkpoint.com/login/login.css" />

<STYLE TYPE="text/css">

.ext-ie .webui-login-fld{font-size: 11px;}

</STYLE>

<script type="text/javascript"

0 Kudos
Timothy_Hall
Champion
Champion

Reset SIC for the gateway object in the SmartDashboard and from the CLI on the gateway via cpconfig (make sure to completely exit the cpconfig menu or the SIC reset won't complete).  Re-establish SIC to reissue the gateway's certificate with a hopefully sane date.

--

My book "Max Power: Check Point Firewall Performance Optimization"

now available via http://maxpowerfirewalls.com.

Gateway Performance Optimization R81.20 Course
now available at maxpowerfirewalls.com
0 Kudos
Not applicable

Thanks Tim.

there was no option of reset SIC but I entered fwm SIC_reset command, it did something but came up with error " failed to connect to NGM server"

Then I restarted console and tried connecting, I got following steps...

0 Kudos
Timothy_Hall
Champion
Champion

Tough to say, but it looks like the SMS certificate being presented to the SmartConsole GUI is no longer in a valid time range since you corrected the time and date.  While this can certainly be fixed somehow, it would probably be easier to just reload the SMS making sure to set the time and date properly during the Gaia web interface post-installation dialog, and configuring NTP to avoid future clock drift.

--

My book "Max Power: Check Point Firewall Performance Optimization"

now available via http://maxpowerfirewalls.com.

Gateway Performance Optimization R81.20 Course
now available at maxpowerfirewalls.com
0 Kudos
Roman_Safonov
Explorer

I had a connectivity problem with Smart Console till I increased RAM to 4GB.

Timothy_Hall
Champion
Champion

Right, minimum RAM for R80 SMS is 4GB.  See this thread:

Hardware requirement for R80

--

My book "Max Power: Check Point Firewall Performance Optimization"

now available via http://maxpowerfirewalls.com.

Gateway Performance Optimization R81.20 Course
now available at maxpowerfirewalls.com
0 Kudos
Not applicable

Well thanks Roman. I did a fresh install with 6GB RAM and it worked fine. I was able to do a demo on 16th March.

I can now connect using smart console.

Thanks for your help guys.

I might start a new threat on how should i add a gateway  as i am unable to establish SIC between G/w and R80 Mgmt.

Thanks once again for your help.

0 Kudos
Roman_Safonov
Explorer

I have a production R77.30 management so I simply did migrate export/import and R80 is able to establish SIC with R77.10 gateway without any problem.

0 Kudos

Leaderboard

Epsum factorial non deposit quid pro quo hic escorol.

Upcoming Events

    CheckMates Events