This website uses cookies. By clicking Accept, you consent to the use of cookies. Click Here to learn more about how we use cookies.
Accept
Reject
ABOUT CHECKMATES & FAQ
Create a Post
Help
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

Are you a member of CheckMates?

×
Sign in with your Check Point UserCenter/PartnerMap account to access more great content and get a chance to win some Apple AirPods! If you don't have an account, create one now for free!
Rajesh_Krishnan
Explorer
‎2021-10-09 11:09 PM

Lost smart console connectivity after firewall upgrade

Dear All,

I'm in a peculiar situation, lost Smart console connectivity after the firewall upgrade to R81. I do not have access to the Smart console, since all traffic towards the Management server passes through the affected firewall only. Moreover we do not have any other systems in that Management server subnet at the moment. Please find the attached diagram for connectivity details. 

I am still having  SSH access to the gateway and to the management server. This firewall was on R80.30, now it is upgraded to R81.  

If I try to fetch the policy by running "fw fetch" command from the gateway, I get the error "module - sic name does not match"

fw fetch -f 

Fetching FW1 Security Policy From: 10.128.48.4

Management rejected fetch for this module - sic name does not match.
Policy Fetch Failed
Failed to fetch policy from masters in masters file

 

I believe this is happening because the original firewall object in the smart database is still  marked as R80.30  ( because I lost the console connection before changing the version)

Is there any option to change the Firewall object version to R81 through Management CLI? 

 

Preview file
21 KB
0 Kudos
2 Replies
Tomer_Noy
Employee
Employee
‎2021-10-10 03:13 AM

You should be able to use the "set simple-gateway" command with the "version" parameter.

https://sc1.checkpoint.com/documents/latest/APIs/#cli/set-simple-gateway~v1.7%20

 

0 Kudos
Rajesh_Krishnan
Explorer
‎2021-10-10 03:40 AM
In response to Tomer_Noy

Hi Tomer,

Thank you so much for that information. I've another catch with running API commands as given below.  I thought of taking help from Support, more over I'm not familiar with API . 

 

Mgnt: mgmt_cli set simple-gateway
Username: admin
Password:
message: "Error 404. The Management API service is not available. Please check that the Management A PI server is up and running."
code: "generic_error"
Chervon-Mgnt: api status

API Settings:
---------------------
Accessibility: Require local
Automatic Start: Enabled

Processes:

Name State PID More Information
-------------------------------------------------
API Started 8611
CPM Started 8611 Check Point Security Management Server is running and ready
FWM Started 7613
APACHE Started 6985

Port Details:
-------------------
JETTY Internal Port: 50465
JETTY Documentation Internal Port: 50420
APACHE Gaia Port: 4434 (a non-default port)
When running mgmt_cli commands add '--port 4434'
When using web-services, add port 4434 to the URL

Profile:
-------------------
Machine profile: 15800-24800 with SME or Dedicated Log Server
CPM heap size: 1536m

--------------------------------------------
Overall API Status: Started
--------------------------------------------

API readiness test SUCCESSFUL. The server is up and ready to receive connections

 

0 Kudos

Leaderboard

Epsum factorial non deposit quid pro quo hic escorol.

View All ≫