Create a Post
cancel
Showing results for 
Search instead for 
Did you mean: 
Alex_Alborzfard
Contributor

Mac support for SmartConsole apps in R80

Jump to solution

I'm using Mac for 90% of work. The only reason I have a 2nd machine (Windows PC) is to manage the firewall.

Will SmartConsole apps (SmartDashboard, Tracker, etc.) in R80 be able to run on Mac?

1 Solution

Accepted Solutions
Cory_Pellegren
Employee Alumnus
Employee Alumnus

Hi Alex,

We have nothing against Mac's, it is simply that we use graphical rendering frameworks and software framework for SmartConsole (Previously Smart Dashboard and other tools) that is only compatible with Windows. The good news is the new SmartEvent now has SmartView, a web visualization tool that you can log into to see any logs and events that are happening anywhere within your enviroment - right from your Mac, or even your iPad.

Cory Pellegren

Check Point - Security Engineer

View solution in original post

35 Replies
M_Ruszkowski
Collaborator

I agree we need a MAC OSX client for R80 as well.  I am getting tired of having to install windows on a VM just to manage the firewalls.  I could understand only having a Windows client 15 years ago, but come one get with the times.   I could remember going to CPX and even Cisco Live conferences and when you looked at all the people in the breakout sessions and in the meeting rooms you might see one or two MAC's.  Then over the years it went to more and more, and now it seemed like if you don't have a MAC you are in the minority.

Cory_Pellegren
Employee Alumnus
Employee Alumnus

Hi Alex,

We have nothing against Mac's, it is simply that we use graphical rendering frameworks and software framework for SmartConsole (Previously Smart Dashboard and other tools) that is only compatible with Windows. The good news is the new SmartEvent now has SmartView, a web visualization tool that you can log into to see any logs and events that are happening anywhere within your enviroment - right from your Mac, or even your iPad.

Cory Pellegren

Check Point - Security Engineer

View solution in original post

Cory_Pellegren
Employee Alumnus
Employee Alumnus

Plus, with R80's APIs, you can now work from anywhere, regardless of OS Smiley Happy

M_Ruszkowski
Collaborator

I agree that that API's are going to be a great help, and we are excited about it, but more in the scope of SDN.  However, the API's are not a feasible solution for everyone, or even everyone on the same team.  So you are forcing me to create scripts or write my own interface using the APIs just so I can use a MAC?  That is not a solution.  Yes the API's can be used from different OS's but it doesn't replace the GUI Console for team members that are Firewall admins that do day-to-day changes.  These users are not programmers.  It is easy for developers to sit back and say use the API's especially when you are the creator of the software.  Sometimes I think Check Point forgets or loses touch with the people who use their software each and every day.

Tomer_Sole
Employee Alumnus
Employee Alumnus

Hi,

We are very aware of our customers' preferred operating systems. We hope that the changes of R80 solved some of the most crucial problems of our previous products, such as concurrent administrators, opportunity to scale up the objects system, and improving the user experience by moving from a blade-oriented application to a task-oriented application.

When we had the features/time matrix, for R80 the decision was to continue operating as a Windows native app, especially with SmartDashboard still being a component for working with some of the blades in this version.

We hope that the new Check Point API with the addition of this community will provide an ecosystem for users to share their works and upload new ways to interact with the Security Management server. We realize that this is not the complete solution for the Mac problem, but this is the feature set that R80 comes with.

PhoneBoy
Admin
Admin

The CLI is also an option, which will of course work from every OS over SSH or similar.

0 Kudos
franco_carchedi
Participant

Smartconsole R77.30 on Ubuntu

Installing Smartconsole R77.30 ubuntu

Install playonlinux from Ubuntu software.

Launch playonlinux

Select “install a non listed program”

Create a new virtual drive.

I create a 32bit apps folder as below.

Install some libraries, and configure wine as below

Select 32bit application installation

Let it create the wine drive

Set wine to windows 7

Install the following libraries

 

POL_install_corefonts

POL_Install_donet35

POL_Install_donet35sp1

POL_Install_donet40

POL_Install_donet45

Pol_Install_mfc42

Pol_Install_mfc40

Pol_Install_msvc100

Pol_Install_msvc80

Pol_Install_msvc90

Pol_Install_msxml3

Pol_Install_msxml3

Pol_Install_msxml4

Pol_Install_msxml6

Pol_Install_riched20

Pol_Install_riched30

Pol_Install_riched20

Pol_Install_tahoma

Pol_Install_tahoma2

Pol_Install_vbrun6

Pol_Install_vcrun2005

Pol_Install_vcrun2008

Pol_Install_vcrun2011

Pol_Install_vcrun2012

Pol_Install_vcrun2013

Pol_Install_vcrun6

Pol_Install_InstallFonts

Follow install and let it complete.

 

You will see an error you need to do the following in terminal.

 

Sudo echo 0 | sudo tee /proc/sys/kernel/yam/ptrace_scope

 

During install you may get an error this can safely be ignored and continue on.

As below say no and move on

 

And this

 

 Download checkpoint R77.30 Smartconsole.

 

Open the install with archive manager and extract smartconsole.exe

 

Next you should be prompted to find the install file browse and add it.

 

Complete the install as normal windows install then you can launch Smartconsole in Ubuntu as below

 

Known issues

  • Smartview tracker works also filtering is a bit strange in demo mode works with real firewall.
  • Login you need to use the mouse to move to the next character or will not take the password correctly.
  • Endpoint console does not work
  • SmartView monitor does not work

 I have images to attach but forum does not allow this.

any questions just ask guys.

will try R80.10 at some point and let you know.

Thanks

Frank

PhoneBoy
Admin
Admin

We actually do allow photos...you can drag and drop them into the text editor.

Also, there's a "picture" icon in the toolbar of the editor.

If neither of these work for you, please contact me via PM.

The GUI in R80.x will surely have a different set of dependencies with Wine.

Previously I installed SmartDashboard with the commercial version of Wine called Crossover Linux (or Mac).

0 Kudos
franco_carchedi
Participant

Here is a video link all might make it easier.

R77.30 smartconsole on Ubuntu full install working - YouTube 

Thanks

Frank

0 Kudos
franco_carchedi
Participant

from testing R80.10 fails to connect to the Management server, I don't know what is causing this yet.

may be the finger print popup which is causing this as I am not seeing it on Wine with R80.10 install.

may be worth trying to add the registry entry for the finger print see if it gets round it.

but I expect Wine can't handle R80.10 full stop. also you need to use Staging version 2.16 to get Smartconsole R80.10 to start in Wine.

if anyone works this out let us know.

Thanks

Frank

0 Kudos
PhoneBoy
Admin
Admin

I tried using Crossover Mac yesterday with R80.10 and got similar results.

First, you have to install the various dependencies manually (e.g. Visual C++ 2005/2010/2012 and Microsoft .NET 4.5), then install SmartConsole.

It seems the window visuals weren't properly refreshing, which created some interesting issues.

And yes, I ran into the "can't connect to management" issue as well.

Greg_Harewood
Contributor

Have you or anyone tried this recently?  WINE and CrossOver do move on.  I come back to this stuff periodically in hope.

Even 5 years ago you did better than I did.  It's very hard to tease out those dependencies, but I can't get it to move beyond the unpacking progress bar.

R77 worked fine.  R80 uses some crazy libraries... we've all seen the windows zooming/snapping in and out, so there is some strange graphical rendering going on.

0 Kudos
PhoneBoy
Admin
Admin

I haven’t tried this myself recently.
Given that we now have a web-based version of SmartConsole, there is less need for this.

0 Kudos
Greg_Harewood
Contributor

I'm still going to ask if you have any idea why it's stalling on CRL downloads....

 

bash-3.2# tcpdump -i any tcp port 18264

tcpdump: data link type PKTAP

tcpdump: verbose output suppressed, use -v or -vv for full protocol decode

listening on any, link-type PKTAP (Apple DLT_PKTAP), capture size 262144 bytes

15:20:16.057786 IP 10.11.1.238.54585 > ec2-3-67-225-215.eu-central-1.compute.amazonaws.com.18264: Flags [S], seq 659357598, win 65535, options [mss 1460,nop,wscale 6,nop,nop,TS val 2695332272 ecr 0,sackOK,eol], length 0

15:20:16.093006 IP ec2-3-67-225-215.eu-central-1.compute.amazonaws.com.18264 > 10.11.1.238.54585: Flags [S.], seq 2486278603, ack 659357599, win 28960, options [mss 1460,sackOK,TS val 7464633 ecr 2695332272,nop,wscale 10], length 0

15:20:16.093121 IP 10.11.1.238.54585 > ec2-3-67-225-215.eu-central-1.compute.amazonaws.com.18264: Flags [.], ack 1, win 2058, options [nop,nop,TS val 2695332307 ecr 7464633], length 0

15:20:16.094406 IP 10.11.1.238.54585 > ec2-3-67-225-215.eu-central-1.compute.amazonaws.com.18264: Flags [F.], seq 1, ack 1, win 2058, options [nop,nop,TS val 2695332308 ecr 7464633], length 0

15:20:16.131496 IP ec2-3-67-225-215.eu-central-1.compute.amazonaws.com.18264 > 10.11.1.238.54585: Flags [F.], seq 1, ack 2, win 29, options [nop,nop,TS val 7464672 ecr 2695332308], length 0

15:20:16.131622 IP 10.11.1.238.54585 > ec2-3-67-225-215.eu-central-1.compute.amazonaws.com.18264: Flags [.], ack 2, win 2058, options [nop,nop,TS val 2695332345 ecr 7464672], length 0

^C

6 packets captured

1462 packets received by filter

0 packets dropped by kernel

 

 

(Seeing zero length payloads)

0 Kudos
Greg_Harewood
Contributor

And yes, as you say.... I haven't played with that yet though because we still have so few customers on R81.  So it's not a practical answer yet for maybe another 2 years 🙂

0 Kudos
_Val_
Admin
Admin

Right. Let's go back to stone age and manage FWs from CLI. I thought CP was proud of providing the best administrative experience with fat GUI clients. My mistake 🙂

Hugo_vd_Kooij
Advisor

I haven't tested WINE lately. For this purpose a small Windows virtual machine might to the trick as well.

For R80 I expect you might be able to do most of the work with the API if you really want to so you could write up some sort of portable Console if you feel inclined to do so.

0 Kudos
_Val_
Admin
Admin

I second the request to extend SmartConsole capabilities to OSX. It is a shame one has to run a virtual machine any time a FW rule needs to be changed. 

Michael_Pokrovs
Participant

Ditto - I have to open Windows VM on my Mac just to be able to run SmartConsole Smiley Happy 

OSX support would be awesome

Eric_Boughton
Participant

Re: Ditto - Use a windows VM on a Mac for management. As one of the many Items I work with I'm unlikely to use anything but the built in management tool. OS X would be a nice direction to see.

Sergio_Alvarez
Participant

I don't believe saying "...we use graphical rendering frameworks and software framework for SmartConsole that is only compatible with Windows..." is a valid answer, nor suggesting the use of API or CLI. For everyday managing work of FW Admins working on Mac, a Mac Console is needed and is it just a matter of assigning Dev resources to it.

It is in fact shameful having to open a Windows VM just to able to run the Console. This is even a "limitation" mentioned by other vendors with clearly inferior consoles, but that can work from any OS.

I have hear complains about this for over 14 years now and honestly I was expecting Check Point considering it for R80.

0 Kudos
Tomer_Sole
Employee Alumnus
Employee Alumnus

Hi Sergio,

Multiple OS support was considered during the design of R80. The decision was to prefer the framework that we eventually chose. That decision allowed us to pack the wide range of features SmartConsole offers today. It also enables us quality delivers of new features coming up. However, I can understand your point of view. As we progress, more features will find web UI alternatives starting already with the new SmartEvent (or SmartView). 

0 Kudos
Kurtis_Johnson
Employee
Employee

From my experiece, 11 years and 4 employers across Enterprises and Resellers, only one 1 of those companies would have had the option to use Apple.  Are those asking for OSX support coming from a Consulting/Professional Services background, or is this coming from Enterprise customers?

0 Kudos
_Val_
Admin
Admin

Kurtis, this "show me the money" attitude that some CP employees tend to assume every time someone asks to support Mac is really annoying. 

The bare fact is, CP blows Mac support for all kind of products, not just SmartConsole, for many years. 

Money was not the issue, when CP blew a large Securemote deal a decade ago. It is not an issue to release a working Capsule agent instead of five year old alpha that cannot even assume right permissions when installed on latest OS X. 

i do remember some Mac laptops laying around TA QA offices in 2000-2003, while Mac was 1% of entreprise installation base back than. Why is it a problem now, when Mac share is 26% against all Windows summing below 57% of user base?

Please stop looking for excuses and start owing your limitations. 

Thank you

Kurtis_Johnson
Employee
Employee

Thanks for your input and assumptions on the intent of my question Smiley Happy

I just don't hear it from any of my customers, nor has it been an issue for me in the past.

0 Kudos
_Val_
Admin
Admin

one's personal experience is never compelling 

0 Kudos
Kurtis_Johnson
Employee
Employee

Hence the question Smiley Happy

0 Kudos
Sergio_Alvarez
Participant

Hello Kurtis,

I've been working with the same Check Point partner for the last 14 years, even at the begining, I had a couple of customers working as firewall admins with Mac computers and the amount of people using it has increased over the years.  The fact you have not worked on companies that would allow for IT staff to choose working with Mac instead of Windows, does not mean there is a not good amount of fw admins, consultants and support providers using it.  

Ave_Joe
Contributor

Valeri LoukineKurtis Johnson

I agree 100% with Loukine on his comments.  CP has told me for years that customers do not request Mac support so thus no income and thus no support.   As a customer and I have asked for better Mac support for years.  Hell, today, I would be happy with just Secondary Connect functionality on the Mac platform.

Additionally, this 'show me the money' attitude is not only reflected with Mac support but also with Linux support.

"We just don't see a large enough demand across the customer base. . ."

Doh!  Of course you have no customer demand for these platforms as you have no software that can run on these platforms.  

I believe.  Do you?

Field of Dreams - People Will Come Speech, James Earl Jones - YouTube