This website uses Cookies. Click Accept to agree to our website's cookie use as described in our Privacy Policy. Click Preferences to customize your cookie settings.
Accept
Reject
Preferences
ABOUT CHECKMATES CYBER SECURITY COMMUNITY & FAQ
Create a Post
Help
cancel
Turn on suggestions
Showing results for 
Search instead for 
Did you mean: 

Are you a member of CheckMates?

×
Sign in with your Check Point UserCenter/PartnerMap account to access more great content and get a chance to win some Apple AirPods! If you don't have an account, create one now for free!
the_rock
Legend
Legend
‎2023-11-29 11:26 AM

ICA management tool on standalone box

Hey guys,

Just need to clarify if this is even officially supported. I set this up many times before on mgmt server and works fine with SSL enabled, BUT, on standalone box, I can never get it working when ssl is in, only if I disable ssl with below command

cpca_client set_mgmt_tool on -no-ssl

https://support.checkpoint.com/results/sk/sk30501

 

If anyone could confirm this, would be great.

Best regards,

Andy 

0 Kudos
2 Replies
the_rock
Legend
Legend
‎2023-11-29 11:34 AM

Here is quick debug I did, but this does not seem to tell me much : - )

Andy

[Expert@CP-STANDALONE-backup:0]# cpca_client -d set_mgmt_tool on -a "CN=standalone-ica,OU=users,O=CP-STANDALONE-backup..r5et7n"
[26653 4134562176]@CP-STANDALONE-backup[29 Nov 14:32:30] main: Initializing debug level 3
[26653 4134562176]@CP-STANDALONE-backup[29 Nov 14:32:30] resolver_gethostbyname: Performing gethostbyname for localhost
[26653 4134562176]@CP-STANDALONE-backup[29 Nov 14:32:30] fwca_client_command: trying to connect
[26653 4134562176]@CP-STANDALONE-backup[29 Nov 14:32:30] fwasync_get_maxbuf: maxbuf=4194304
[26653 4134562176]@CP-STANDALONE-backup[29 Nov 14:32:30] fwasync_conn_params_ex: fd: <4>, my addr: <127.0.0.1,48923>, peer addr: <127.0.0.1,18209>
[26653 4134562176]@CP-STANDALONE-backup[29 Nov 14:32:30] fwca_infra_clnt_handler: conn id is 4
[26653 4134562176]@CP-STANDALONE-backup[29 Nov 14:32:30] fwasync_connbuf_realloc: reallocating 0 from 0 to 1032
[26653 4134562176]@CP-STANDALONE-backup[29 Nov 14:32:30] fwasync_connbuf_realloc: reallocating 0 from 0 to 1032
[26653 4134562176]@CP-STANDALONE-backup[29 Nov 14:32:30] FwCaCmdApi::Process: entered, state = 0
[26653 4134562176]@CP-STANDALONE-backup[29 Nov 14:32:30] FwCaCmdApi::Process: entered, state = 1
[26653 4134562176]@CP-STANDALONE-backup[29 Nov 14:32:30] FwCaCmdApi::Process: entered, state = 2
[26653 4134562176]@CP-STANDALONE-backup[29 Nov 14:32:30] FwCaCmdApi::Process: entered, state = 3
[26653 4134562176]@CP-STANDALONE-backup[29 Nov 14:32:30] fwca_client_end_handler: connection ended. sock=4
[26653 4134562176]@CP-STANDALONE-backup[29 Nov 14:32:30] FwCaCommandData::CallCallback: result OK, calling callback
[26653 4134562176]@CP-STANDALONE-backup[29 Nov 14:32:30] fwca_client_command_cb: called callback
[26653 4134562176]@CP-STANDALONE-backup[29 Nov 14:32:30] fwca_set_mgmt_tools_cb: called callback. rc=0
Management tool is ON.
Using SSL.
The authorized administrators:
(
: ("CN=standalone-ica,OU=users,O=CP-STANDALONE-backup..r5et7n")
)
The authorized users:
()
The authorized custom users:
()
[26653 4134562176]@CP-STANDALONE-backup[29 Nov 14:32:30] T_event_mainloop_e: T_event_mainloop_iter returns 0
[Expert@CP-STANDALONE-backup:0]#

 

0 Kudos
the_rock
Legend
Legend
‎2023-11-29 12:39 PM

I am almost positive the issue is below, as it seems ssl inspection is enabled as per cipher_util, but its NOT...I even verified via smart console object the feature is not enabled.

Andy

[Expert@CP-STANDALONE-backup:0]# cipher_util
Which blade would you like to configure?
(1) Multi Portal
(2) SSL Inspection
2
Which list would you like to edit?
(1) TLS 1.2 Ciphers
(2) TLS 1.3 Ciphers
^C
[Expert@CP-STANDALONE-backup:0]# enabled_blades
fw vpn urlf appi identityServer mon
[Expert@CP-STANDALONE-backup:0]#

 

 

Screenshot_1.png

 

0 Kudos

Leaderboard

Epsum factorial non deposit quid pro quo hic escorol.

View All ≫
Upcoming Events

    Sort by:
    CheckMates Events
    Top