Plus, with R80's APIs, you can now work from anywhere, regardless of OS

Hi,

We are very aware of our customers' preferred operating systems. We hope that the changes of R80 solved some of the most crucial problems of our previous products, such as concurrent administrators, opportunity to scale up the objects system, and improving the user experience by moving from a blade-oriented application to a task-oriented application.

When we had the features/time matrix, for R80 the decision was to continue operating as a Windows native app, especially with SmartDashboard still being a component for working with some of the blades in this version.

We hope that the new Check Point API with the addition of this community will provide an ecosystem for users to share their works and upload new ways to interact with the Security Management server. We realize that this is not the complete solution for the Mac problem, but this is the feature set that R80 comes with.

The CLI is also an option, which will of course work from every OS over SSH or similar.

Smartconsole R77.30 on Ubuntu

Installing Smartconsole R77.30 ubuntu

Install playonlinux from Ubuntu software.

Launch playonlinux

Select “install a non listed program”

Create a new virtual drive.

I create a 32bit apps folder as below.

Install some libraries, and configure wine as below

Select 32bit application installation

Let it create the wine drive

Set wine to windows 7

Install the following libraries

POL_install_corefonts

POL_Install_donet35

POL_Install_donet35sp1

POL_Install_donet40

POL_Install_donet45

Pol_Install_mfc42

Pol_Install_mfc40

Pol_Install_msvc100

Pol_Install_msvc80

Pol_Install_msvc90

Pol_Install_msxml3

Pol_Install_msxml3

Pol_Install_msxml4

Pol_Install_msxml6

Pol_Install_riched20

Pol_Install_riched30

Pol_Install_riched20

Pol_Install_tahoma

Pol_Install_tahoma2

Pol_Install_vbrun6

Pol_Install_vcrun2005

Pol_Install_vcrun2008

Pol_Install_vcrun2011

Pol_Install_vcrun2012

Pol_Install_vcrun2013

Pol_Install_vcrun6

Pol_Install_InstallFonts

Follow install and let it complete.

You will see an error you need to do the following in terminal.

Sudo echo 0 | sudo tee /proc/sys/kernel/yam/ptrace_scope

During install you may get an error this can safely be ignored and continue on.

As below say no and move on

And this

 Download checkpoint R77.30 Smartconsole.

Open the install with archive manager and extract smartconsole.exe

Next you should be prompted to find the install file browse and add it.

Complete the install as normal windows install then you can launch Smartconsole in Ubuntu as below

Known issues

• Smartview tracker works also filtering is a bit strange in demo mode works with real firewall.
• Login you need to use the mouse to move to the next character or will not take the password correctly.
• Endpoint console does not work
• SmartView monitor does not work

 I have images to attach but forum does not allow this.

any questions just ask guys.

will try R80.10 at some point and let you know.

Thanks

Frank

We actually do allow photos...you can drag and drop them into the text editor.

Also, there's a "picture" icon in the toolbar of the editor.

If neither of these work for you, please contact me via PM.

The GUI in R80.x will surely have a different set of dependencies with Wine.

Previously I installed SmartDashboard with the commercial version of Wine called Crossover Linux (or Mac).

Here is a video link all might make it easier.

R77.30 smartconsole on Ubuntu full install working - YouTube 

Thanks

Frank

from testing R80.10 fails to connect to the Management server, I don't know what is causing this yet.

may be the finger print popup which is causing this as I am not seeing it on Wine with R80.10 install.

may be worth trying to add the registry entry for the finger print see if it gets round it.

but I expect Wine can't handle R80.10 full stop. also you need to use Staging version 2.16 to get Smartconsole R80.10 to start in Wine.

if anyone works this out let us know.

Thanks

Frank

I tried using Crossover Mac yesterday with R80.10 and got similar results.

First, you have to install the various dependencies manually (e.g. Visual C++ 2005/2010/2012 and Microsoft .NET 4.5), then install SmartConsole.

It seems the window visuals weren't properly refreshing, which created some interesting issues.

And yes, I ran into the "can't connect to management" issue as well.

Have you or anyone tried this recently?  WINE and CrossOver do move on.  I come back to this stuff periodically in hope.

Even 5 years ago you did better than I did.  It's very hard to tease out those dependencies, but I can't get it to move beyond the unpacking progress bar.

R77 worked fine.  R80 uses some crazy libraries... we've all seen the windows zooming/snapping in and out, so there is some strange graphical rendering going on.

I haven’t tried this myself recently.
Given that we now have a web-based version of SmartConsole, there is less need for this.

I'm still going to ask if you have any idea why it's stalling on CRL downloads....

bash-3.2# tcpdump -i any tcp port 18264

tcpdump: data link type PKTAP

tcpdump: verbose output suppressed, use -v or -vv for full protocol decode

listening on any, link-type PKTAP (Apple DLT_PKTAP), capture size 262144 bytes

15:20:16.057786 IP 10.11.1.238.54585 > ec2-3-67-225-215.eu-central-1.compute.amazonaws.com.18264: Flags [S], seq 659357598, win 65535, options [mss 1460,nop,wscale 6,nop,nop,TS val 2695332272 ecr 0,sackOK,eol], length 0

15:20:16.093006 IP ec2-3-67-225-215.eu-central-1.compute.amazonaws.com.18264 > 10.11.1.238.54585: Flags [S.], seq 2486278603, ack 659357599, win 28960, options [mss 1460,sackOK,TS val 7464633 ecr 2695332272,nop,wscale 10], length 0

15:20:16.093121 IP 10.11.1.238.54585 > ec2-3-67-225-215.eu-central-1.compute.amazonaws.com.18264: Flags [.], ack 1, win 2058, options [nop,nop,TS val 2695332307 ecr 7464633], length 0

15:20:16.094406 IP 10.11.1.238.54585 > ec2-3-67-225-215.eu-central-1.compute.amazonaws.com.18264: Flags [F.], seq 1, ack 1, win 2058, options [nop,nop,TS val 2695332308 ecr 7464633], length 0

15:20:16.131496 IP ec2-3-67-225-215.eu-central-1.compute.amazonaws.com.18264 > 10.11.1.238.54585: Flags [F.], seq 1, ack 2, win 29, options [nop,nop,TS val 7464672 ecr 2695332308], length 0

15:20:16.131622 IP 10.11.1.238.54585 > ec2-3-67-225-215.eu-central-1.compute.amazonaws.com.18264: Flags [.], ack 2, win 2058, options [nop,nop,TS val 2695332345 ecr 7464672], length 0

^C

6 packets captured

1462 packets received by filter

0 packets dropped by kernel

(Seeing zero length payloads)

And yes, as you say.... I haven't played with that yet though because we still have so few customers on R81.  So it's not a practical answer yet for maybe another 2 years 🙂

Right. Let's go back to stone age and manage FWs from CLI. I thought CP was proud of providing the best administrative experience with fat GUI clients. My mistake 🙂

Hi Sergio,

Multiple OS support was considered during the design of R80. The decision was to prefer the framework that we eventually chose. That decision allowed us to pack the wide range of features SmartConsole offers today. It also enables us quality delivers of new features coming up. However, I can understand your point of view. As we progress, more features will find web UI alternatives starting already with the new SmartEvent (or SmartView). 

From my experiece, 11 years and 4 employers across Enterprises and Resellers, only one 1 of those companies would have had the option to use Apple.  Are those asking for OSX support coming from a Consulting/Professional Services background, or is this coming from Enterprise customers?

Kurtis, this "show me the money" attitude that some CP employees tend to assume every time someone asks to support Mac is really annoying. 

The bare fact is, CP blows Mac support for all kind of products, not just SmartConsole, for many years. 

Money was not the issue, when CP blew a large Securemote deal a decade ago. It is not an issue to release a working Capsule agent instead of five year old alpha that cannot even assume right permissions when installed on latest OS X. 

i do remember some Mac laptops laying around TA QA offices in 2000-2003, while Mac was 1% of entreprise installation base back than. Why is it a problem now, when Mac share is 26% against all Windows summing below 57% of user base?

Please stop looking for excuses and start owing your limitations. 

Thank you

Thanks for your input and assumptions on the intent of my question

I just don't hear it from any of my customers, nor has it been an issue for me in the past.

one's personal experience is never compelling 

Hence the question

Hello Kurtis,

I've been working with the same Check Point partner for the last 14 years, even at the begining, I had a couple of customers working as firewall admins with Mac computers and the amount of people using it has increased over the years.  The fact you have not worked on companies that would allow for IT staff to choose working with Mac instead of Windows, does not mean there is a not good amount of fw admins, consultants and support providers using it.  

Valeri Loukine‌Kurtis Johnson

I agree 100% with Loukine on his comments.  CP has told me for years that customers do not request Mac support so thus no income and thus no support.   As a customer and I have asked for better Mac support for years.  Hell, today, I would be happy with just Secondary Connect functionality on the Mac platform.

Additionally, this 'show me the money' attitude is not only reflected with Mac support but also with Linux support.

"We just don't see a large enough demand across the customer base. . ."

Doh!  Of course you have no customer demand for these platforms as you have no software that can run on these platforms.  

I believe.  Do you?

Field of Dreams - People Will Come Speech, James Earl Jones - YouTube