This website uses Cookies. Click Accept to agree to our website's cookie use as described in our Privacy Policy. Click Preferences to customize your cookie settings.
Accept
Reject
Preferences
ABOUT CHECKMATES CYBER SECURITY COMMUNITY & FAQ
Create a Post
Help
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

Are you a member of CheckMates?

×
Sign in with your Check Point UserCenter/PartnerMap account to access more great content and get a chance to win some Apple AirPods! If you don't have an account, create one now for free!
jamesdean-1
Explorer
Thursday

Initial config on Smart-1 600-S

Hi all,

I know this is probably impossible but just trying to save some leg work and money. 

 

We have a Smart-1 600-S located overseas, it has been factory reset and is connected to a switch using eth1 interface. I tried putting that switchport into an access vlan with 192.168.1.2 on the switch, but I could not access 192.168.1.1. I have then come to realise, that likely only mgmt port will be accessible on 192.168.1.1, is this correct? Can any genius come up with a way I can access this device remotely on eth1 after factory reset? It will take a month to get someone onsite even for a simple thing like plugging a cable in unfortunately.

 

TIA

0 Kudos
9 Replies
PhoneBoy
Admin
Admin
Thursday

If you can't reach the device by IP, you should be able to reach it via Console and/or LOM.
Are either of those options?
If so, you can see what interface 192.168.1.1 is actually assigned to and change it via clish commands.

Otherwise, without some sort of console access to the appliance, you're going to have a hard time fixing it remotely.

0 Kudos
jamesdean-1
Explorer
Thursday
In response to PhoneBoy

Unfortunately not, this device just has two cables in it, one the power cord, and the other is the ethernet between eth1 on the smart1 and the cisco switch. All I know is it was factory reset, so I have to assume its now got 192.168.1.1, but from the documentation I believe that is only accessible via mgmt port, there is no-one near this device to plug into the console port for us 

0 Kudos
the_rock
Legend
Legend
Thursday
In response to jamesdean-1

Im afraid you might be out of luck : - (. What @PhoneBoy is true about LOM card, but after its factory reset, that would also need to be configured. 

You are correct that mgmt IP by default would have that IP address, 192.168.1.1

So there is absolutely no one that could physically connect to the appliance and console into it?

Andy

0 Kudos
jamesdean-1
Explorer
Thursday
In response to the_rock

Ok thanks, we suspected as much, we do have a remote hands arrangement, just a language barrier and a several weeks of raising purchase orders to deal with to get them there 😛

0 Kudos
the_rock
Legend
Legend
Thursday
In response to jamesdean-1

Fair enough. Hope it all works out.

Andy

0 Kudos
JozkoMrkvicka
Authority
Authority
7 hours ago
In response to the_rock

LOM config stays even you do factory reset of OS. You have to reset LOM IP/credentials to default values manually using CLI or WebUI.

Kind regards,
Jozko Mrkvicka
0 Kudos
the_rock
Legend
Legend
5 hours ago
In response to JozkoMrkvicka

Are you 100% sure about that? Because I was on the phone once with customer and TAC as well and they had to do factory reset of 6200 appliance and all settings were wiped out, including LOM  as well. I will say though, I cant recall if it gave them an option to preserve the config for LOM, as I did see that before.

Andy

0 Kudos
JozkoMrkvicka
Authority
Authority
7 hours ago
In response to jamesdean-1

It is impossible just to move cable from eth1 to Mgmt ? Then you should be able to reach 192.168.1.1/24.

Kind regards,
Jozko Mrkvicka
0 Kudos
oa_munich
Contributor
11 hours ago

Probably not helpful at this stage, but I keep a PiKVM https://github.com/pikvm/pikvm at all remote sites with a console, HDMI and a USB-C cable, as well as a 5G/LTE modem around, so that the local staff could connect the device to pretty much any box. I have it initiate a VPN connection and can ssh into the box once connected. Pays for itself with a single site fall out, saved us from a few last minute weekend flights.

0 Kudos

Leaderboard

Epsum factorial non deposit quid pro quo hic escorol.

View All ≫
Upcoming Events

    CheckMates Events