This website uses Cookies. Click Accept to agree to our website's cookie use as described in our Privacy Policy. Click Preferences to customize your cookie settings.
Accept
Reject
Preferences
ABOUT CHECKMATES CYBER SECURITY COMMUNITY & FAQ
Create a Post
Help
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

Are you a member of CheckMates?

×
Sign in with your Check Point UserCenter/PartnerMap account to access more great content and get a chance to win some Apple AirPods! If you don't have an account, create one now for free!
Nüüül
Advisor
Advisor
‎2020-03-31 05:07 AM
Jump to solution

MaaS - Way to troubleshoot the Management Tunnel?

Hi all,

 

at the moment I am playing around with the Management as a Service. Which looks good so far. but there are a few questions:

 

  • possible to delete "connected" gateways? Not all were ever connected successfully. 
    • during troubleshooting i tried to connect my gateway multiple times
  • possible to troubleshoot the MaaS VPN? it gets established for a couple of seconds and then is back disconnected. Therefore no Communication is possible
  • Gateway with trouble is behind another Router, that is doing NAT ( Hiding towards Internet)

 

Thanks

 

Daniel

 

------------------------------------------------------------------------------------------------------------------------

Edit:

OK, rebooting the Gateway (virtual) and the underlying ESXi solved the connection problem. VPN is up and stays at this. \o/ (rebooted the gateway before with no improvement...)

No idea why, but Ok. 

 

But still, information for troubleshooting the maas_tunnel or so would be great 🙂

 

1 Solution

Accepted Solutions
Anat_Eytan-Davi
Employee Alumnus
Employee Alumnus
‎2020-04-14 07:17 AM
In response to PhoneBoy
Jump to solution

Connecting a gw to MaaS (new name SmartCloud) includes 2 steps:

1. register the gw in the infinity portal - at the end of this process, a gw object is created in the management and you get a unique authentication token, only then you can run a command on the gw (all information included in the portal) which creates the HTTPs tunnel between the gw and the mgmt, gw can be behind another gw/router.

2. initiate SIC from the management to the gw, same as in an on-prem mgmt.

 

Currently, there is no option to remove "connected" gws in the portal, we will add more actions to the "connected" gws cards in the portal, among them to delete and remove unused gw cards. 

if the gw isn't able to establish the communication with the service, you can check the following:

  1. Verify “Automatically download Blade Contracts and other important data” is enabled.
  2. Verify connectivity from the gateway to the internet and to updates.checkpoint.com

If going forward you still have issues with an unstable communication tunnel between the gateway and the service (which shouldn't be), please contact us maas@checkpoint.com and we will be happy to work with you together to better understand the issue.

Also, feel free to share more feedback.

Anat.

View solution in original post

5 Replies
PhoneBoy
Admin
Admin
‎2020-04-02 04:15 PM
Jump to solution

@Anat_Eytan-Davi do we have any info on Troubleshooting issues with maas_tunnel?

0 Kudos
Anat_Eytan-Davi
Employee Alumnus
Employee Alumnus
‎2020-04-14 07:17 AM
In response to PhoneBoy
Jump to solution

Connecting a gw to MaaS (new name SmartCloud) includes 2 steps:

1. register the gw in the infinity portal - at the end of this process, a gw object is created in the management and you get a unique authentication token, only then you can run a command on the gw (all information included in the portal) which creates the HTTPs tunnel between the gw and the mgmt, gw can be behind another gw/router.

2. initiate SIC from the management to the gw, same as in an on-prem mgmt.

 

Currently, there is no option to remove "connected" gws in the portal, we will add more actions to the "connected" gws cards in the portal, among them to delete and remove unused gw cards. 

if the gw isn't able to establish the communication with the service, you can check the following:

  1. Verify “Automatically download Blade Contracts and other important data” is enabled.
  2. Verify connectivity from the gateway to the internet and to updates.checkpoint.com

If going forward you still have issues with an unstable communication tunnel between the gateway and the service (which shouldn't be), please contact us maas@checkpoint.com and we will be happy to work with you together to better understand the issue.

Also, feel free to share more feedback.

Anat.

Nüüül
Advisor
Advisor
‎2020-07-17 06:29 AM
In response to Anat_Eytan-Davi
Jump to solution

Hello,

 

During troubleshooting some of my own "dumb behaviour tests  😁" I just saw, that you managed to add a remove functionality for MAAS Gateways! Thanks for that!

Will see if I can manage to write down a bit about my experiences with MAAS over the last months.

 

Cheers

 

Daniel

0 Kudos
Anat_Eytan-Davi
Employee Alumnus
Employee Alumnus
‎2020-07-19 12:57 PM
In response to Nüüül
Jump to solution

Thank you Daniel, indeed we have added an option to delete/remove a gateway registration card from the portal.

Also, I'm inviting you to check our administration guide with a new section for troubleshooting and advanced configuration.

we are constantly updating the admin guide with more information, please feel free to share if something is missing.

j_silva
Contributor
‎2021-10-22 08:08 AM
In response to Anat_Eytan-Davi
Jump to solution

Recently i was facing a problem related to maas_tunnel. The output command cphaprob stat show that one of the node of the cluster was Down. According to output the reason is "Cluster Control Protocol packets are not received"

Someone has some explanation about it?

Preview file
60 KB
0 Kudos

Leaderboard

Epsum factorial non deposit quid pro quo hic escorol.

View All ≫
Upcoming Events

    CheckMates Events