- CheckMates
- :
- Products
- :
- Quantum
- :
- Management
- :
- ICA management tool on standalone box
- Subscribe to RSS Feed
- Mark Topic as New
- Mark Topic as Read
- Float this Topic for Current User
- Bookmark
- Subscribe
- Mute
- Printer Friendly Page
Are you a member of CheckMates?
×- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
ICA management tool on standalone box
Hey guys,
Just need to clarify if this is even officially supported. I set this up many times before on mgmt server and works fine with SSL enabled, BUT, on standalone box, I can never get it working when ssl is in, only if I disable ssl with below command
cpca_client set_mgmt_tool on -no-ssl
https://support.checkpoint.com/results/sk/sk30501
If anyone could confirm this, would be great.
Best regards,
Andy
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Here is quick debug I did, but this does not seem to tell me much : - )
Andy
[Expert@CP-STANDALONE-backup:0]# cpca_client -d set_mgmt_tool on -a "CN=standalone-ica,OU=users,O=CP-STANDALONE-backup..r5et7n"
[26653 4134562176]@CP-STANDALONE-backup[29 Nov 14:32:30] main: Initializing debug level 3
[26653 4134562176]@CP-STANDALONE-backup[29 Nov 14:32:30] resolver_gethostbyname: Performing gethostbyname for localhost
[26653 4134562176]@CP-STANDALONE-backup[29 Nov 14:32:30] fwca_client_command: trying to connect
[26653 4134562176]@CP-STANDALONE-backup[29 Nov 14:32:30] fwasync_get_maxbuf: maxbuf=4194304
[26653 4134562176]@CP-STANDALONE-backup[29 Nov 14:32:30] fwasync_conn_params_ex: fd: <4>, my addr: <127.0.0.1,48923>, peer addr: <127.0.0.1,18209>
[26653 4134562176]@CP-STANDALONE-backup[29 Nov 14:32:30] fwca_infra_clnt_handler: conn id is 4
[26653 4134562176]@CP-STANDALONE-backup[29 Nov 14:32:30] fwasync_connbuf_realloc: reallocating 0 from 0 to 1032
[26653 4134562176]@CP-STANDALONE-backup[29 Nov 14:32:30] fwasync_connbuf_realloc: reallocating 0 from 0 to 1032
[26653 4134562176]@CP-STANDALONE-backup[29 Nov 14:32:30] FwCaCmdApi::Process: entered, state = 0
[26653 4134562176]@CP-STANDALONE-backup[29 Nov 14:32:30] FwCaCmdApi::Process: entered, state = 1
[26653 4134562176]@CP-STANDALONE-backup[29 Nov 14:32:30] FwCaCmdApi::Process: entered, state = 2
[26653 4134562176]@CP-STANDALONE-backup[29 Nov 14:32:30] FwCaCmdApi::Process: entered, state = 3
[26653 4134562176]@CP-STANDALONE-backup[29 Nov 14:32:30] fwca_client_end_handler: connection ended. sock=4
[26653 4134562176]@CP-STANDALONE-backup[29 Nov 14:32:30] FwCaCommandData::CallCallback: result OK, calling callback
[26653 4134562176]@CP-STANDALONE-backup[29 Nov 14:32:30] fwca_client_command_cb: called callback
[26653 4134562176]@CP-STANDALONE-backup[29 Nov 14:32:30] fwca_set_mgmt_tools_cb: called callback. rc=0
Management tool is ON.
Using SSL.
The authorized administrators:
(
: ("CN=standalone-ica,OU=users,O=CP-STANDALONE-backup..r5et7n")
)
The authorized users:
()
The authorized custom users:
()
[26653 4134562176]@CP-STANDALONE-backup[29 Nov 14:32:30] T_event_mainloop_e: T_event_mainloop_iter returns 0
[Expert@CP-STANDALONE-backup:0]#
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
I am almost positive the issue is below, as it seems ssl inspection is enabled as per cipher_util, but its NOT...I even verified via smart console object the feature is not enabled.
Andy
[Expert@CP-STANDALONE-backup:0]# cipher_util
Which blade would you like to configure?
(1) Multi Portal
(2) SSL Inspection
2
Which list would you like to edit?
(1) TLS 1.2 Ciphers
(2) TLS 1.3 Ciphers
^C
[Expert@CP-STANDALONE-backup:0]# enabled_blades
fw vpn urlf appi identityServer mon
[Expert@CP-STANDALONE-backup:0]#
