Create a Post
cancel
Showing results for 
Search instead for 
Did you mean: 
H_Cheng
Contributor

New Install Security Management Server

I am trying to install R80.10 on VMware for my learning. After I install GAIA and configure Security Management Server during the first login GAIA, I am unable to login through SmartConsole. I get “Unable to connect to server. Please make sure that all processes of the server are up and running.”. I checked cpconfig the certificate’s fingerprint is same as SmartConsole prompts, run cpm_status.sh showing CheckPoint Security Management Server is running state. And I have also tried to re-install GAIA with Jumbo Hotfix installed, but I get the same problem.

Do anyone instruct me how I can setup the environment? Is there any log file I can check for problem determination?

Thanks

24 Replies
PhoneBoy
Admin
Admin

It can take several minutes before you're able to connect with SmartConsole on the first startup.

What hardware (RAM/disk) did you configure the virtual machine with?

0 Kudos
H_Cheng
Contributor

I wait for the system startup and load a while, and I checked the CPU utilization with "top" command. I assigned 6G RAM and 4 virtual core. When I login SmartConsole, it can prompt the server's fingerprint and I see there are few more java processes run. But after click to continue login, it returns "Unable to connect to server".

0 Kudos
PhoneBoy
Admin
Admin

6gb of RAM is bare minimum and will not provide an optimal experience, especially on VM.

I would allocate at least 8gb of RAM to the VM, more if you intend to use SmartEvent as well.

0 Kudos
JozkoMrkvicka
Mentor
Mentor

In my LAB it takes around 10 minutes (2 GB RAM, 2 cores).

I am checking "api status" command to see if all proccesses were started (and if API is listening).

Just turn on VM and go for coffee

Kind regards,
Jozko Mrkvicka
H_Cheng
Contributor

I wait for an hour and I checked "api status" that CPM and FWM are "Started" state but API is "Stopped".

What can I do next to fix it?

Thanks for your support.

0 Kudos
JozkoMrkvicka
Mentor
Mentor

try "api start" to manually start API. 

Do you have valid license ? What is the output of "cplic print" command?

Kind regards,
Jozko Mrkvicka
0 Kudos
H_Cheng
Contributor

No license list out. I just downloaded the trial software and install on VMware for testing purpose.

0 Kudos
JozkoMrkvicka
Mentor
Mentor

You have trial license for 15 days only. As you dont have any listed there, the trial license already expired.

You need to generate 30 days evaluation all-in-one license from your UserCenter.

Kind regards,
Jozko Mrkvicka
0 Kudos
H_Cheng
Contributor

I just new created VM and installed the GAIA & Management Server. The trial license has not expired.

0 Kudos
JozkoMrkvicka
Mentor
Mentor

So from now on you have 15 days to do whatever you want. Are you able to connect via SmartConsole now?

Kind regards,
Jozko Mrkvicka
0 Kudos
H_Cheng
Contributor

Yes, after run "api start" and wait for the process started, I can login the SmartConsole. But, when I restart the firewall, the API does not start automatically.  Is there any configuration I can let it start when the server start/restart?

Thank you for your support.

0 Kudos
JozkoMrkvicka
Mentor
Mentor

It is somewhere in SmartConsole Settings.

Kind regards,
Jozko Mrkvicka
0 Kudos
Vladimir
Champion
Champion

0 Kudos
H_Cheng
Contributor

I enable the Automatic start option in Management API - Advanced Settings. Then publish, and run "api restart". After API restarted, I checked all processes (API, CPM, FWM) are Started. However, after "shutdown -r now" to reboot the CPM, the API process still not auto starts. I need to run "api start" manually. Is there any task I missed?

0 Kudos
Vladimir
Champion
Champion

What does the output of $CPMDIR/scripts/check_cpm_status.sh show after restart?

0 Kudos
H_Cheng
Contributor

/etc/fw/scripts/check_cpm_status.sh shows

CPM server started

0 Kudos
Vladimir
Champion
Champion

0 Kudos
JozkoMrkvicka
Mentor
Mentor

You can also try to install the latest jumbo hotfix for R80.10.

Kind regards,
Jozko Mrkvicka
H_Cheng
Contributor

Just tried again today, the API processes can start automatically.

Thanks.

0 Kudos
Vladimir
Champion
Champion

Can you tell us what did the trick to make it start automatically?

H_Cheng
Contributor

As I remembered that I didn't make any change. I just powered on the VM for testing again on some days after. I keep the memory at 2GB only. I didn't wait too while for the process to start.

Vladimir
Champion
Champion

Use this command to determine status of the management server: $CPMDIR/scripts/check_cpm_status.sh

[Expert@gw-83a11b:0]# $CPMDIR/scripts/check_cpm_status.sh
CPM server started
[Expert@gw-83a11b:0]#

H_Cheng
Contributor

I checked the status with this script. The Management Server is running.

0 Kudos
Poh_Seng_Anthon
Participant

i have a similar issue. but my problem was on R80.20 M2 newly installed server. running command show my CPM was started. but running cpwd_admin list show my FWM status was terminated. after a few check it was the hostname. My hostname was cp_mgmt, after changing it to cp-mgmt. i was able to access to the management thru smartconsole.

 

regards

Anthony

0 Kudos

Leaderboard

Epsum factorial non deposit quid pro quo hic escorol.

Upcoming Events

    CheckMates Events