- CheckMates
- :
- Products
- :
- Quantum
- :
- Management
- :
- Re: Mac support for SmartConsole apps in R80
- Subscribe to RSS Feed
- Mark Topic as New
- Mark Topic as Read
- Float this Topic for Current User
- Bookmark
- Subscribe
- Mute
- Printer Friendly Page
Are you a member of CheckMates?
×- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Mac support for SmartConsole apps in R80
I'm using Mac for 90% of work. The only reason I have a 2nd machine (Windows PC) is to manage the firewall.
Will SmartConsole apps (SmartDashboard, Tracker, etc.) in R80 be able to run on Mac?
Accepted Solutions
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Hi Alex,
We have nothing against Mac's, it is simply that we use graphical rendering frameworks and software framework for SmartConsole (Previously Smart Dashboard and other tools) that is only compatible with Windows. The good news is the new SmartEvent now has SmartView, a web visualization tool that you can log into to see any logs and events that are happening anywhere within your enviroment - right from your Mac, or even your iPad.
Cory Pellegren
Check Point - Security Engineer
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
I agree we need a MAC OSX client for R80 as well. I am getting tired of having to install windows on a VM just to manage the firewalls. I could understand only having a Windows client 15 years ago, but come one get with the times. I could remember going to CPX and even Cisco Live conferences and when you looked at all the people in the breakout sessions and in the meeting rooms you might see one or two MAC's. Then over the years it went to more and more, and now it seemed like if you don't have a MAC you are in the minority.
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Hi Alex,
We have nothing against Mac's, it is simply that we use graphical rendering frameworks and software framework for SmartConsole (Previously Smart Dashboard and other tools) that is only compatible with Windows. The good news is the new SmartEvent now has SmartView, a web visualization tool that you can log into to see any logs and events that are happening anywhere within your enviroment - right from your Mac, or even your iPad.
Cory Pellegren
Check Point - Security Engineer
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Plus, with R80's APIs, you can now work from anywhere, regardless of OS
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
I agree that that API's are going to be a great help, and we are excited about it, but more in the scope of SDN. However, the API's are not a feasible solution for everyone, or even everyone on the same team. So you are forcing me to create scripts or write my own interface using the APIs just so I can use a MAC? That is not a solution. Yes the API's can be used from different OS's but it doesn't replace the GUI Console for team members that are Firewall admins that do day-to-day changes. These users are not programmers. It is easy for developers to sit back and say use the API's especially when you are the creator of the software. Sometimes I think Check Point forgets or loses touch with the people who use their software each and every day.
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Hi,
We are very aware of our customers' preferred operating systems. We hope that the changes of R80 solved some of the most crucial problems of our previous products, such as concurrent administrators, opportunity to scale up the objects system, and improving the user experience by moving from a blade-oriented application to a task-oriented application.
When we had the features/time matrix, for R80 the decision was to continue operating as a Windows native app, especially with SmartDashboard still being a component for working with some of the blades in this version.
We hope that the new Check Point API with the addition of this community will provide an ecosystem for users to share their works and upload new ways to interact with the Security Management server. We realize that this is not the complete solution for the Mac problem, but this is the feature set that R80 comes with.
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
The CLI is also an option, which will of course work from every OS over SSH or similar.
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Smartconsole R77.30 on Ubuntu
Installing Smartconsole R77.30 ubuntu
Install playonlinux from Ubuntu software.
Launch playonlinux
Select “install a non listed program”
Create a new virtual drive.
I create a 32bit apps folder as below.
Install some libraries, and configure wine as below
Select 32bit application installation
Let it create the wine drive
Set wine to windows 7
Install the following libraries
POL_install_corefonts
POL_Install_donet35
POL_Install_donet35sp1
POL_Install_donet40
POL_Install_donet45
Pol_Install_mfc42
Pol_Install_mfc40
Pol_Install_msvc100
Pol_Install_msvc80
Pol_Install_msvc90
Pol_Install_msxml3
Pol_Install_msxml3
Pol_Install_msxml4
Pol_Install_msxml6
Pol_Install_riched20
Pol_Install_riched30
Pol_Install_riched20
Pol_Install_tahoma
Pol_Install_tahoma2
Pol_Install_vbrun6
Pol_Install_vcrun2005
Pol_Install_vcrun2008
Pol_Install_vcrun2011
Pol_Install_vcrun2012
Pol_Install_vcrun2013
Pol_Install_vcrun6
Pol_Install_InstallFonts
Follow install and let it complete.
You will see an error you need to do the following in terminal.
Sudo echo 0 | sudo tee /proc/sys/kernel/yam/ptrace_scope
During install you may get an error this can safely be ignored and continue on.
As below say no and move on
And this
Download checkpoint R77.30 Smartconsole.
Open the install with archive manager and extract smartconsole.exe
Next you should be prompted to find the install file browse and add it.
Complete the install as normal windows install then you can launch Smartconsole in Ubuntu as below
Known issues
- Smartview tracker works also filtering is a bit strange in demo mode works with real firewall.
- Login you need to use the mouse to move to the next character or will not take the password correctly.
- Endpoint console does not work
- SmartView monitor does not work
I have images to attach but forum does not allow this.
any questions just ask guys.
will try R80.10 at some point and let you know.
Thanks
Frank
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
We actually do allow photos...you can drag and drop them into the text editor.
Also, there's a "picture" icon in the toolbar of the editor.
If neither of these work for you, please contact me via PM.
The GUI in R80.x will surely have a different set of dependencies with Wine.
Previously I installed SmartDashboard with the commercial version of Wine called Crossover Linux (or Mac).
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Here is a video link all might make it easier.
R77.30 smartconsole on Ubuntu full install working - YouTube
Thanks
Frank
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
from testing R80.10 fails to connect to the Management server, I don't know what is causing this yet.
may be the finger print popup which is causing this as I am not seeing it on Wine with R80.10 install.
may be worth trying to add the registry entry for the finger print see if it gets round it.
but I expect Wine can't handle R80.10 full stop. also you need to use Staging version 2.16 to get Smartconsole R80.10 to start in Wine.
if anyone works this out let us know.
Thanks
Frank
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
I tried using Crossover Mac yesterday with R80.10 and got similar results.
First, you have to install the various dependencies manually (e.g. Visual C++ 2005/2010/2012 and Microsoft .NET 4.5), then install SmartConsole.
It seems the window visuals weren't properly refreshing, which created some interesting issues.
And yes, I ran into the "can't connect to management" issue as well.
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Have you or anyone tried this recently? WINE and CrossOver do move on. I come back to this stuff periodically in hope.
Even 5 years ago you did better than I did. It's very hard to tease out those dependencies, but I can't get it to move beyond the unpacking progress bar.
R77 worked fine. R80 uses some crazy libraries... we've all seen the windows zooming/snapping in and out, so there is some strange graphical rendering going on.
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
I haven’t tried this myself recently.
Given that we now have a web-based version of SmartConsole, there is less need for this.
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
I'm still going to ask if you have any idea why it's stalling on CRL downloads....
bash-3.2# tcpdump -i any tcp port 18264
tcpdump: data link type PKTAP
tcpdump: verbose output suppressed, use -v or -vv for full protocol decode
listening on any, link-type PKTAP (Apple DLT_PKTAP), capture size 262144 bytes
15:20:16.057786 IP 10.11.1.238.54585 > ec2-3-67-225-215.eu-central-1.compute.amazonaws.com.18264: Flags [S], seq 659357598, win 65535, options [mss 1460,nop,wscale 6,nop,nop,TS val 2695332272 ecr 0,sackOK,eol], length 0
15:20:16.093006 IP ec2-3-67-225-215.eu-central-1.compute.amazonaws.com.18264 > 10.11.1.238.54585: Flags [S.], seq 2486278603, ack 659357599, win 28960, options [mss 1460,sackOK,TS val 7464633 ecr 2695332272,nop,wscale 10], length 0
15:20:16.093121 IP 10.11.1.238.54585 > ec2-3-67-225-215.eu-central-1.compute.amazonaws.com.18264: Flags [.], ack 1, win 2058, options [nop,nop,TS val 2695332307 ecr 7464633], length 0
15:20:16.094406 IP 10.11.1.238.54585 > ec2-3-67-225-215.eu-central-1.compute.amazonaws.com.18264: Flags [F.], seq 1, ack 1, win 2058, options [nop,nop,TS val 2695332308 ecr 7464633], length 0
15:20:16.131496 IP ec2-3-67-225-215.eu-central-1.compute.amazonaws.com.18264 > 10.11.1.238.54585: Flags [F.], seq 1, ack 2, win 29, options [nop,nop,TS val 7464672 ecr 2695332308], length 0
15:20:16.131622 IP 10.11.1.238.54585 > ec2-3-67-225-215.eu-central-1.compute.amazonaws.com.18264: Flags [.], ack 2, win 2058, options [nop,nop,TS val 2695332345 ecr 7464672], length 0
^C
6 packets captured
1462 packets received by filter
0 packets dropped by kernel
(Seeing zero length payloads)
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
And yes, as you say.... I haven't played with that yet though because we still have so few customers on R81. So it's not a practical answer yet for maybe another 2 years 🙂
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Right. Let's go back to stone age and manage FWs from CLI. I thought CP was proud of providing the best administrative experience with fat GUI clients. My mistake 🙂
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Hi,
Do we have any smartconsole package which is compatible with the macOS for R81.10 version.
WR,
Shira
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
No, web-based console is the direction for such use cases today.
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
We offer Web SmartConsole, the functionality of which will be improved in upcoming versions.
There are no plans to make a native SmartConsole for macOS.
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
I haven't tested WINE lately. For this purpose a small Windows virtual machine might to the trick as well.
For R80 I expect you might be able to do most of the work with the API if you really want to so you could write up some sort of portable Console if you feel inclined to do so.
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
I second the request to extend SmartConsole capabilities to OSX. It is a shame one has to run a virtual machine any time a FW rule needs to be changed.
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Ditto - I have to open Windows VM on my Mac just to be able to run SmartConsole
OSX support would be awesome
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Re: Ditto - Use a windows VM on a Mac for management. As one of the many Items I work with I'm unlikely to use anything but the built in management tool. OS X would be a nice direction to see.
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
I don't believe saying "...we use graphical rendering frameworks and software framework for SmartConsole that is only compatible with Windows..." is a valid answer, nor suggesting the use of API or CLI. For everyday managing work of FW Admins working on Mac, a Mac Console is needed and is it just a matter of assigning Dev resources to it.
It is in fact shameful having to open a Windows VM just to able to run the Console. This is even a "limitation" mentioned by other vendors with clearly inferior consoles, but that can work from any OS.
I have hear complains about this for over 14 years now and honestly I was expecting Check Point considering it for R80.
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Hi Sergio,
Multiple OS support was considered during the design of R80. The decision was to prefer the framework that we eventually chose. That decision allowed us to pack the wide range of features SmartConsole offers today. It also enables us quality delivers of new features coming up. However, I can understand your point of view. As we progress, more features will find web UI alternatives starting already with the new SmartEvent (or SmartView).
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
From my experiece, 11 years and 4 employers across Enterprises and Resellers, only one 1 of those companies would have had the option to use Apple. Are those asking for OSX support coming from a Consulting/Professional Services background, or is this coming from Enterprise customers?
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Kurtis, this "show me the money" attitude that some CP employees tend to assume every time someone asks to support Mac is really annoying.
The bare fact is, CP blows Mac support for all kind of products, not just SmartConsole, for many years.
Money was not the issue, when CP blew a large Securemote deal a decade ago. It is not an issue to release a working Capsule agent instead of five year old alpha that cannot even assume right permissions when installed on latest OS X.
i do remember some Mac laptops laying around TA QA offices in 2000-2003, while Mac was 1% of entreprise installation base back than. Why is it a problem now, when Mac share is 26% against all Windows summing below 57% of user base?
Please stop looking for excuses and start owing your limitations.
Thank you
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Thanks for your input and assumptions on the intent of my question
I just don't hear it from any of my customers, nor has it been an issue for me in the past.
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
one's personal experience is never compelling