Create a Post
Showing results for 
Search instead for 
Did you mean: 

Lost smart console connectivity after firewall upgrade

Dear All,

I'm in a peculiar situation, lost Smart console connectivity after the firewall upgrade to R81. I do not have access to the Smart console, since all traffic towards the Management server passes through the affected firewall only. Moreover we do not have any other systems in that Management server subnet at the moment. Please find the attached diagram for connectivity details. 

I am still having  SSH access to the gateway and to the management server. This firewall was on R80.30, now it is upgraded to R81.  

If I try to fetch the policy by running "fw fetch" command from the gateway, I get the error "module - sic name does not match"

fw fetch -f 

Fetching FW1 Security Policy From:

Management rejected fetch for this module - sic name does not match.
Policy Fetch Failed
Failed to fetch policy from masters in masters file


I believe this is happening because the original firewall object in the smart database is still  marked as R80.30  ( because I lost the console connection before changing the version)

Is there any option to change the Firewall object version to R81 through Management CLI? 


0 Kudos
2 Replies

You should be able to use the "set simple-gateway" command with the "version" parameter.


0 Kudos

Hi Tomer,

Thank you so much for that information. I've another catch with running API commands as given below.  I thought of taking help from Support, more over I'm not familiar with API . 


Mgnt: mgmt_cli set simple-gateway
Username: admin
message: "Error 404. The Management API service is not available. Please check that the Management A PI server is up and running."
code: "generic_error"
Chervon-Mgnt: api status

API Settings:
Accessibility: Require local
Automatic Start: Enabled


Name State PID More Information
API Started 8611
CPM Started 8611 Check Point Security Management Server is running and ready
FWM Started 7613
APACHE Started 6985

Port Details:
JETTY Internal Port: 50465
JETTY Documentation Internal Port: 50420
APACHE Gaia Port: 4434 (a non-default port)
When running mgmt_cli commands add '--port 4434'
When using web-services, add port 4434 to the URL

Machine profile: 15800-24800 with SME or Dedicated Log Server
CPM heap size: 1536m

Overall API Status: Started

API readiness test SUCCESSFUL. The server is up and ready to receive connections


0 Kudos