This website uses Cookies. Click Accept to agree to our website's cookie use as described in our Privacy Policy. Click Preferences to customize your cookie settings.
Accept
Reject
Preferences
ABOUT CHECKMATES CYBER SECURITY COMMUNITY & FAQ
Create a Post
Help
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

Are you a member of CheckMates?

×
Sign in with your Check Point UserCenter/PartnerMap account to access more great content and get a chance to win some Apple AirPods! If you don't have an account, create one now for free!
Moudar
Advisor
‎2023-12-21 02:28 AM
Jump to solution

Problem getting in to GUI gateways

Hi,

I got my lab for CCSE. Suddenly today I started to get this when trying to login to the GUI of the gateways:

forbidden.png

I checked the hosts.allowed file and it looks good:

allowed hosts.png

Show allowed-client all

allowed-client.png

and policy:

policy.png

any ideas!

0 Kudos
1 Solution

Accepted Solutions
the_rock
Legend
Legend
‎2023-12-21 04:58 AM
Jump to solution

Open gateway object in smart console and make sure that platform portal tab shows correct port. Also, confirm its not default policy blocking it by running fw stat from expert mode of the firewall ssh session. 

Alternatively, you can check from clich by running show web ssl-port

Andy

View solution in original post

12 Replies
Tal_Paz-Fridman
Employee
Employee
‎2023-12-21 02:38 AM
Jump to solution

Can you please check if there are any drop logs?

Also please check if there are any relevant errors in the following files for the flow:

/var/log/httpd2_access_log
/var/log/httpd2_error_log

0 Kudos
Moudar
Advisor
‎2023-12-21 04:23 AM
In response to Tal_Paz-Fridman
Jump to solution

logs show accepted traffic!

accept-traffic.png

 

/var/log/httpd2_access_log shows nothing

/var/log/httpd2_error_log, shows some logs

[Expert@A-GW-01:0]# cat /var/log/httpd2_error_log
[Sat Mar 18 09:16:58.739558 2023] [mime_magic:error] [pid 8710] (2)No such file or directory: AH01515: mod_mime_magic: can't read magic file /web/conf/magic
[Sat Mar 18 09:16:58.742207 2023] [ssl:warn] [pid 8710] AH01906: 10.1.1.100:443:0 server certificate is a CA certificate (BasicConstraints: CA == TRUE !?)
[Sat Mar 18 09:16:58.771367 2023] [so:warn] [pid 8710] AH01574: module setenvif_module is already loaded, skipping
[Sat Mar 18 09:16:58.771381 2023] [so:warn] [pid 8710] AH01574: module headers_module is already loaded, skipping
[Sat Mar 18 09:16:58.774633 2023] [core:warn] [pid 8710] AH00117: Ignoring deprecated use of DefaultType in line 421 of /web/conf/httpd2.conf.
AH00558: httpd2: Could not reliably determine the server's fully qualified domain name, using 10.1.1.100. Set the 'ServerName' directive globally to suppress this message
[Sat Mar 18 09:16:58.774902 2023] [mime_magic:error] [pid 8710] (2)No such file or directory: AH01515: mod_mime_magic: can't read magic file /web/conf/magic
[Sat Mar 18 09:16:58.775899 2023] [ssl:warn] [pid 8710] AH01906: 10.1.1.100:443:0 server certificate is a CA certificate (BasicConstraints: CA == TRUE !?)
[Sat Mar 18 09:16:58.779208 2023] [mpm_prefork:notice] [pid 8710] AH00163: CPWS/2.4.53 (Unix) OpenSSL/1.1.1n configured -- resuming normal operations
[Sat Mar 18 09:16:58.779249 2023] [core:notice] [pid 8710] AH00094: Command line: '/web/cpshared/web/Apache/2.2.0/bin/httpd2 -f /web/conf/httpd2.conf -D FOREGROUND'
[Sat Mar 18 09:16:59.220213 2023] [mpm_prefork:notice] [pid 8710] AH00169: caught SIGTERM, shutting down
[Sat Mar 18 09:17:01.462479 2023] [mime_magic:error] [pid 9137] (2)No such file or directory: AH01515: mod_mime_magic: can't read magic file /web/conf/magic
[Sat Mar 18 09:17:01.464061 2023] [ssl:warn] [pid 9137] AH01906: 10.1.1.100:443:0 server certificate is a CA certificate (BasicConstraints: CA == TRUE !?)
[Sat Mar 18 09:17:01.502942 2023] [so:warn] [pid 9137] AH01574: module setenvif_module is already loaded, skipping
[Sat Mar 18 09:17:01.502964 2023] [so:warn] [pid 9137] AH01574: module headers_module is already loaded, skipping
[Sat Mar 18 09:17:01.507636 2023] [core:warn] [pid 9137] AH00117: Ignoring deprecated use of DefaultType in line 421 of /web/conf/httpd2.conf.
AH00558: httpd2: Could not reliably determine the server's fully qualified domain name, using 10.1.1.100. Set the 'ServerName' directive globally to suppress this message
[Sat Mar 18 09:17:01.508011 2023] [mime_magic:error] [pid 9137] (2)No such file or directory: AH01515: mod_mime_magic: can't read magic file /web/conf/magic
[Sat Mar 18 09:17:01.509473 2023] [ssl:warn] [pid 9137] AH01906: 10.1.1.100:443:0 server certificate is a CA certificate (BasicConstraints: CA == TRUE !?)
[Sat Mar 18 09:17:01.512973 2023] [mpm_prefork:notice] [pid 9137] AH00163: CPWS/2.4.53 (Unix) OpenSSL/1.1.1n configured -- resuming normal operations
[Sat Mar 18 09:17:01.513016 2023] [core:notice] [pid 9137] AH00094: Command line: '/web/cpshared/web/Apache/2.2.0/bin/httpd2 -f /web/conf/httpd2.conf -D FOREGROUND'
[Sat Mar 18 09:50:03.183509 2023] [mpm_prefork:notice] [pid 9137] AH00169: caught SIGTERM, shutting down
[Fri Jun 02 07:12:15.522840 2023] [mime_magic:error] [pid 5744] (2)No such file or directory: AH01515: mod_mime_magic: can't read magic file /web/conf/magic
[Fri Jun 02 07:12:15.533542 2023] [ssl:warn] [pid 5744] AH01906: 10.1.1.100:443:0 server certificate is a CA certificate (BasicConstraints: CA == TRUE !?)
[Fri Jun 02 07:12:15.563378 2023] [so:warn] [pid 5744] AH01574: module setenvif_module is already loaded, skipping
[Fri Jun 02 07:12:15.563407 2023] [so:warn] [pid 5744] AH01574: module headers_module is already loaded, skipping
[Fri Jun 02 07:12:15.567650 2023] [core:warn] [pid 5744] AH00117: Ignoring deprecated use of DefaultType in line 421 of /web/conf/httpd2.conf.
AH00558: httpd2: Could not reliably determine the server's fully qualified domain name, using 10.1.1.100. Set the 'ServerName' directive globally to suppress this message
[Fri Jun 02 07:12:15.567940 2023] [mime_magic:error] [pid 5744] (2)No such file or directory: AH01515: mod_mime_magic: can't read magic file /web/conf/magic
[Fri Jun 02 07:12:15.569166 2023] [ssl:warn] [pid 5744] AH01906: 10.1.1.100:443:0 server certificate is a CA certificate (BasicConstraints: CA == TRUE !?)
[Fri Jun 02 07:12:15.572503 2023] [mpm_prefork:notice] [pid 5744] AH00163: CPWS/2.4.53 (Unix) OpenSSL/1.1.1n configured -- resuming normal operations
[Fri Jun 02 07:12:15.572552 2023] [core:notice] [pid 5744] AH00094: Command line: '/web/cpshared/web/Apache/2.2.0/bin/httpd2 -f /web/conf/httpd2.conf -D FOREGROUND'
[Fri Jun 02 08:18:18.239029 2023] [mpm_prefork:notice] [pid 5744] AH00169: caught SIGTERM, shutting down
[Fri Jun 02 11:16:30.240525 2023] [mime_magic:error] [pid 5705] (2)No such file or directory: AH01515: mod_mime_magic: can't read magic file /web/conf/magic
[Fri Jun 02 11:16:30.245608 2023] [ssl:warn] [pid 5705] AH01906: 10.1.1.100:443:0 server certificate is a CA certificate (BasicConstraints: CA == TRUE !?)
[Fri Jun 02 11:16:30.269574 2023] [so:warn] [pid 5705] AH01574: module setenvif_module is already loaded, skipping
[Fri Jun 02 11:16:30.269589 2023] [so:warn] [pid 5705] AH01574: module headers_module is already loaded, skipping
[Fri Jun 02 11:16:30.273287 2023] [core:warn] [pid 5705] AH00117: Ignoring deprecated use of DefaultType in line 421 of /web/conf/httpd2.conf.
AH00558: httpd2: Could not reliably determine the server's fully qualified domain name, using 10.1.1.100. Set the 'ServerName' directive globally to suppress this message
[Fri Jun 02 11:16:30.273545 2023] [mime_magic:error] [pid 5705] (2)No such file or directory: AH01515: mod_mime_magic: can't read magic file /web/conf/magic
[Fri Jun 02 11:16:30.274793 2023] [ssl:warn] [pid 5705] AH01906: 10.1.1.100:443:0 server certificate is a CA certificate (BasicConstraints: CA == TRUE !?)
[Fri Jun 02 11:16:30.277551 2023] [mpm_prefork:notice] [pid 5705] AH00163: CPWS/2.4.53 (Unix) OpenSSL/1.1.1n configured -- resuming normal operations
[Fri Jun 02 11:16:30.277584 2023] [core:notice] [pid 5705] AH00094: Command line: '/web/cpshared/web/Apache/2.2.0/bin/httpd2 -f /web/conf/httpd2.conf -D FOREGROUND'
[Fri Jun 02 11:35:53.097046 2023] [mpm_prefork:notice] [pid 5705] AH00169: caught SIGTERM, shutting down
[Fri Jun 02 12:17:50.367586 2023] [mime_magic:error] [pid 6400] (2)No such file or directory: AH01515: mod_mime_magic: can't read magic file /web/conf/magic
[Fri Jun 02 12:17:50.372448 2023] [ssl:warn] [pid 6400] AH01906: 10.1.1.100:443:0 server certificate is a CA certificate (BasicConstraints: CA == TRUE !?)
[Fri Jun 02 12:17:50.403083 2023] [so:warn] [pid 6400] AH01574: module setenvif_module is already loaded, skipping
[Fri Jun 02 12:17:50.403106 2023] [so:warn] [pid 6400] AH01574: module headers_module is already loaded, skipping
[Fri Jun 02 12:17:50.406521 2023] [core:warn] [pid 6400] AH00117: Ignoring deprecated use of DefaultType in line 421 of /web/conf/httpd2.conf.
AH00558: httpd2: Could not reliably determine the server's fully qualified domain name, using 10.1.1.100. Set the 'ServerName' directive globally to suppress this message
[Fri Jun 02 12:17:50.406785 2023] [mime_magic:error] [pid 6400] (2)No such file or directory: AH01515: mod_mime_magic: can't read magic file /web/conf/magic
[Fri Jun 02 12:17:50.407845 2023] [ssl:warn] [pid 6400] AH01906: 10.1.1.100:443:0 server certificate is a CA certificate (BasicConstraints: CA == TRUE !?)
[Fri Jun 02 12:17:50.410834 2023] [mpm_prefork:notice] [pid 6400] AH00163: CPWS/2.4.53 (Unix) OpenSSL/1.1.1n configured -- resuming normal operations
[Fri Jun 02 12:17:50.410891 2023] [core:notice] [pid 6400] AH00094: Command line: '/web/cpshared/web/Apache/2.2.0/bin/httpd2 -f /web/conf/httpd2.conf -D FOREGROUND'
[Fri Jun 02 12:23:23.812262 2023] [mpm_prefork:notice] [pid 6400] AH00169: caught SIGTERM, shutting down
[Fri Jun 02 18:24:23.173013 2023] [mime_magic:error] [pid 8942] (2)No such file or directory: AH01515: mod_mime_magic: can't read magic file /web/conf/magic
[Fri Jun 02 18:24:23.179687 2023] [ssl:warn] [pid 8942] AH01906: 10.1.1.2:443:0 server certificate is a CA certificate (BasicConstraints: CA == TRUE !?)
[Fri Jun 02 18:24:23.179730 2023] [ssl:warn] [pid 8942] AH01909: 10.1.1.2:443:0 server certificate does NOT include an ID which matches the server name
[Fri Jun 02 18:24:23.210694 2023] [so:warn] [pid 8942] AH01574: module setenvif_module is already loaded, skipping
[Fri Jun 02 18:24:23.210724 2023] [so:warn] [pid 8942] AH01574: module headers_module is already loaded, skipping
[Fri Jun 02 18:24:23.215976 2023] [core:warn] [pid 8942] AH00117: Ignoring deprecated use of DefaultType in line 421 of /web/conf/httpd2.conf.
AH00558: httpd2: Could not reliably determine the server's fully qualified domain name, using 10.1.1.2. Set the 'ServerName' directive globally to suppress this message
[Fri Jun 02 18:24:23.216350 2023] [mime_magic:error] [pid 8942] (2)No such file or directory: AH01515: mod_mime_magic: can't read magic file /web/conf/magic
[Fri Jun 02 18:24:23.217964 2023] [ssl:warn] [pid 8942] AH01906: 10.1.1.2:443:0 server certificate is a CA certificate (BasicConstraints: CA == TRUE !?)
[Fri Jun 02 18:24:23.217997 2023] [ssl:warn] [pid 8942] AH01909: 10.1.1.2:443:0 server certificate does NOT include an ID which matches the server name
[Fri Jun 02 18:24:23.221491 2023] [mpm_prefork:notice] [pid 8942] AH00163: CPWS/2.4.53 (Unix) OpenSSL/1.1.1n configured -- resuming normal operations
[Fri Jun 02 18:24:23.221531 2023] [core:notice] [pid 8942] AH00094: Command line: '/web/cpshared/web/Apache/2.2.0/bin/httpd2 -f /web/conf/httpd2.conf -D FOREGROUND'
[Fri Jun 02 18:46:53.552384 2023] [mpm_prefork:notice] [pid 8942] AH00169: caught SIGTERM, shutting down
[Tue Dec 05 08:19:47.026624 2023] [mime_magic:error] [pid 8298] (2)No such file or directory: AH01515: mod_mime_magic: can't read magic file /web/conf/magic
[Tue Dec 05 08:19:47.046429 2023] [ssl:warn] [pid 8298] AH01906: 10.1.1.2:443:0 server certificate is a CA certificate (BasicConstraints: CA == TRUE !?)
[Tue Dec 05 08:19:47.046464 2023] [ssl:warn] [pid 8298] AH01909: 10.1.1.2:443:0 server certificate does NOT include an ID which matches the server name
[Tue Dec 05 08:19:47.074811 2023] [so:warn] [pid 8298] AH01574: module setenvif_module is already loaded, skipping
[Tue Dec 05 08:19:47.074831 2023] [so:warn] [pid 8298] AH01574: module headers_module is already loaded, skipping
[Tue Dec 05 08:19:47.077813 2023] [core:warn] [pid 8298] AH00117: Ignoring deprecated use of DefaultType in line 421 of /web/conf/httpd2.conf.
AH00558: httpd2: Could not reliably determine the server's fully qualified domain name, using 10.1.1.2. Set the 'ServerName' directive globally to suppress this message
[Tue Dec 05 08:19:47.078064 2023] [mime_magic:error] [pid 8298] (2)No such file or directory: AH01515: mod_mime_magic: can't read magic file /web/conf/magic
[Tue Dec 05 08:19:47.078921 2023] [ssl:warn] [pid 8298] AH01906: 10.1.1.2:443:0 server certificate is a CA certificate (BasicConstraints: CA == TRUE !?)
[Tue Dec 05 08:19:47.078943 2023] [ssl:warn] [pid 8298] AH01909: 10.1.1.2:443:0 server certificate does NOT include an ID which matches the server name
[Tue Dec 05 08:19:47.081425 2023] [mpm_prefork:notice] [pid 8298] AH00163: CPWS/2.4.53 (Unix) OpenSSL/1.1.1n configured -- resuming normal operations
[Tue Dec 05 08:19:47.081508 2023] [core:notice] [pid 8298] AH00094: Command line: '/web/cpshared/web/Apache/2.2.0/bin/httpd2 -f /web/conf/httpd2.conf -D FOREGROUND'
[Wed Dec 20 16:35:46.677153 2023] [mpm_prefork:notice] [pid 8298] AH00169: caught SIGTERM, shutting down
[Wed Dec 20 16:35:48.084627 2023] [mime_magic:error] [pid 6268] (2)No such file or directory: AH01515: mod_mime_magic: can't read magic file /web/conf/magic
[Wed Dec 20 16:35:48.086130 2023] [ssl:warn] [pid 6268] AH01906: 10.1.1.2:4434:0 server certificate is a CA certificate (BasicConstraints: CA == TRUE !?)
[Wed Dec 20 16:35:48.086155 2023] [ssl:warn] [pid 6268] AH01909: 10.1.1.2:4434:0 server certificate does NOT include an ID which matches the server name
[Wed Dec 20 16:35:48.167322 2023] [so:warn] [pid 6268] AH01574: module setenvif_module is already loaded, skipping
[Wed Dec 20 16:35:48.167342 2023] [so:warn] [pid 6268] AH01574: module headers_module is already loaded, skipping
[Wed Dec 20 16:35:48.187919 2023] [core:warn] [pid 6268] AH00117: Ignoring deprecated use of DefaultType in line 421 of /web/conf/httpd2.conf.
AH00558: httpd2: Could not reliably determine the server's fully qualified domain name, using 10.1.1.2. Set the 'ServerName' directive globally to suppress this message
[Wed Dec 20 16:35:48.188228 2023] [mime_magic:error] [pid 6268] (2)No such file or directory: AH01515: mod_mime_magic: can't read magic file /web/conf/magic
[Wed Dec 20 16:35:48.192271 2023] [ssl:warn] [pid 6268] AH01906: 10.1.1.2:4434:0 server certificate is a CA certificate (BasicConstraints: CA == TRUE !?)
[Wed Dec 20 16:35:48.192300 2023] [ssl:warn] [pid 6268] AH01909: 10.1.1.2:4434:0 server certificate does NOT include an ID which matches the server name
[Wed Dec 20 16:35:48.201639 2023] [mpm_prefork:notice] [pid 6268] AH00163: CPWS/2.4.53 (Unix) OpenSSL/1.1.1n configured -- resuming normal operations
[Wed Dec 20 16:35:48.201674 2023] [core:notice] [pid 6268] AH00094: Command line: '/web/cpshared/web/Apache/2.2.0/bin/httpd2 -f /web/conf/httpd2.conf -D FOREGROUND'
[Wed Dec 20 16:35:48.353783 2023] [mpm_prefork:notice] [pid 6268] AH00169: caught SIGTERM, shutting down
[Wed Dec 20 16:35:50.554494 2023] [mime_magic:error] [pid 7155] (2)No such file or directory: AH01515: mod_mime_magic: can't read magic file /web/conf/magic
[Wed Dec 20 16:35:50.555210 2023] [ssl:warn] [pid 7155] AH01906: 10.1.1.2:4434:0 server certificate is a CA certificate (BasicConstraints: CA == TRUE !?)
[Wed Dec 20 16:35:50.555230 2023] [ssl:warn] [pid 7155] AH01909: 10.1.1.2:4434:0 server certificate does NOT include an ID which matches the server name
[Wed Dec 20 16:35:50.570923 2023] [so:warn] [pid 7155] AH01574: module setenvif_module is already loaded, skipping
[Wed Dec 20 16:35:50.570934 2023] [so:warn] [pid 7155] AH01574: module headers_module is already loaded, skipping
[Wed Dec 20 16:35:50.573257 2023] [core:warn] [pid 7155] AH00117: Ignoring deprecated use of DefaultType in line 421 of /web/conf/httpd2.conf.
AH00558: httpd2: Could not reliably determine the server's fully qualified domain name, using 10.1.1.2. Set the 'ServerName' directive globally to suppress this message
[Wed Dec 20 16:35:50.573463 2023] [mime_magic:error] [pid 7155] (2)No such file or directory: AH01515: mod_mime_magic: can't read magic file /web/conf/magic
[Wed Dec 20 16:35:50.574194 2023] [ssl:warn] [pid 7155] AH01906: 10.1.1.2:4434:0 server certificate is a CA certificate (BasicConstraints: CA == TRUE !?)
[Wed Dec 20 16:35:50.574212 2023] [ssl:warn] [pid 7155] AH01909: 10.1.1.2:4434:0 server certificate does NOT include an ID which matches the server name
[Wed Dec 20 16:35:50.576648 2023] [mpm_prefork:notice] [pid 7155] AH00163: CPWS/2.4.53 (Unix) OpenSSL/1.1.1n configured -- resuming normal operations
[Wed Dec 20 16:35:50.576695 2023] [core:notice] [pid 7155] AH00094: Command line: '/web/cpshared/web/Apache/2.2.0/bin/httpd2 -f /web/conf/httpd2.conf -D FOREGROUND'
[Thu Dec 21 11:09:50.724290 2023] [mpm_prefork:notice] [pid 7155] AH00169: caught SIGTERM, shutting down
[Thu Dec 21 11:11:13.819242 2023] [mime_magic:error] [pid 8298] (2)No such file or directory: AH01515: mod_mime_magic: can't read magic file /web/conf/magic
[Thu Dec 21 11:11:13.826131 2023] [ssl:warn] [pid 8298] AH01906: 10.1.1.2:4434:0 server certificate is a CA certificate (BasicConstraints: CA == TRUE !?)
[Thu Dec 21 11:11:13.826169 2023] [ssl:warn] [pid 8298] AH01909: 10.1.1.2:4434:0 server certificate does NOT include an ID which matches the server name
[Thu Dec 21 11:11:13.861655 2023] [so:warn] [pid 8298] AH01574: module setenvif_module is already loaded, skipping
[Thu Dec 21 11:11:13.861676 2023] [so:warn] [pid 8298] AH01574: module headers_module is already loaded, skipping
[Thu Dec 21 11:11:13.865881 2023] [core:warn] [pid 8298] AH00117: Ignoring deprecated use of DefaultType in line 421 of /web/conf/httpd2.conf.
AH00558: httpd2: Could not reliably determine the server's fully qualified domain name, using 10.1.1.2. Set the 'ServerName' directive globally to suppress this message
[Thu Dec 21 11:11:13.866331 2023] [mime_magic:error] [pid 8298] (2)No such file or directory: AH01515: mod_mime_magic: can't read magic file /web/conf/magic
[Thu Dec 21 11:11:13.867657 2023] [ssl:warn] [pid 8298] AH01906: 10.1.1.2:4434:0 server certificate is a CA certificate (BasicConstraints: CA == TRUE !?)
[Thu Dec 21 11:11:13.867686 2023] [ssl:warn] [pid 8298] AH01909: 10.1.1.2:4434:0 server certificate does NOT include an ID which matches the server name
[Thu Dec 21 11:11:13.873993 2023] [mpm_prefork:notice] [pid 8298] AH00163: CPWS/2.4.53 (Unix) OpenSSL/1.1.1n configured -- resuming normal operations
[Thu Dec 21 11:11:13.874028 2023] [core:notice] [pid 8298] AH00094: Command line: '/web/cpshared/web/Apache/2.2.0/bin/httpd2 -f /web/conf/httpd2.conf -D FOREGROUND'
[Thu Dec 21 11:11:27.338603 2023] [mpm_prefork:notice] [pid 8298] AH00169: caught SIGTERM, shutting down
[Thu Dec 21 11:11:28.543057 2023] [mime_magic:error] [pid 9223] (2)No such file or directory: AH01515: mod_mime_magic: can't read magic file /web/conf/magic
[Thu Dec 21 11:11:28.544297 2023] [ssl:warn] [pid 9223] AH01906: 10.1.1.2:4434:0 server certificate is a CA certificate (BasicConstraints: CA == TRUE !?)
[Thu Dec 21 11:11:28.544330 2023] [ssl:warn] [pid 9223] AH01909: 10.1.1.2:4434:0 server certificate does NOT include an ID which matches the server name
[Thu Dec 21 11:11:28.568819 2023] [so:warn] [pid 9223] AH01574: module setenvif_module is already loaded, skipping
[Thu Dec 21 11:11:28.568841 2023] [so:warn] [pid 9223] AH01574: module headers_module is already loaded, skipping
[Thu Dec 21 11:11:28.572935 2023] [core:warn] [pid 9223] AH00117: Ignoring deprecated use of DefaultType in line 421 of /web/conf/httpd2.conf.
AH00558: httpd2: Could not reliably determine the server's fully qualified domain name, using 10.1.1.2. Set the 'ServerName' directive globally to suppress this message
[Thu Dec 21 11:11:28.573304 2023] [mime_magic:error] [pid 9223] (2)No such file or directory: AH01515: mod_mime_magic: can't read magic file /web/conf/magic
[Thu Dec 21 11:11:28.574510 2023] [ssl:warn] [pid 9223] AH01906: 10.1.1.2:4434:0 server certificate is a CA certificate (BasicConstraints: CA == TRUE !?)
[Thu Dec 21 11:11:28.574540 2023] [ssl:warn] [pid 9223] AH01909: 10.1.1.2:4434:0 server certificate does NOT include an ID which matches the server name
[Thu Dec 21 11:11:28.577175 2023] [mpm_prefork:notice] [pid 9223] AH00163: CPWS/2.4.53 (Unix) OpenSSL/1.1.1n configured -- resuming normal operations
[Thu Dec 21 11:11:28.577216 2023] [core:notice] [pid 9223] AH00094: Command line: '/web/cpshared/web/Apache/2.2.0/bin/httpd2 -f /web/conf/httpd2.conf -D FOREGROUND'
[Thu Dec 21 11:11:30.197918 2023] [mpm_prefork:notice] [pid 9223] AH00169: caught SIGTERM, shutting down
[Thu Dec 21 11:11:32.297493 2023] [mime_magic:error] [pid 9616] (2)No such file or directory: AH01515: mod_mime_magic: can't read magic file /web/conf/magic
[Thu Dec 21 11:11:32.298303 2023] [ssl:warn] [pid 9616] AH01906: 10.1.1.2:4434:0 server certificate is a CA certificate (BasicConstraints: CA == TRUE !?)
[Thu Dec 21 11:11:32.298323 2023] [ssl:warn] [pid 9616] AH01909: 10.1.1.2:4434:0 server certificate does NOT include an ID which matches the server name
[Thu Dec 21 11:11:32.315756 2023] [so:warn] [pid 9616] AH01574: module setenvif_module is already loaded, skipping
[Thu Dec 21 11:11:32.315773 2023] [so:warn] [pid 9616] AH01574: module headers_module is already loaded, skipping
[Thu Dec 21 11:11:32.318596 2023] [core:warn] [pid 9616] AH00117: Ignoring deprecated use of DefaultType in line 421 of /web/conf/httpd2.conf.
AH00558: httpd2: Could not reliably determine the server's fully qualified domain name, using 10.1.1.2. Set the 'ServerName' directive globally to suppress this message
[Thu Dec 21 11:11:32.318860 2023] [mime_magic:error] [pid 9616] (2)No such file or directory: AH01515: mod_mime_magic: can't read magic file /web/conf/magic
[Thu Dec 21 11:11:32.319672 2023] [ssl:warn] [pid 9616] AH01906: 10.1.1.2:4434:0 server certificate is a CA certificate (BasicConstraints: CA == TRUE !?)
[Thu Dec 21 11:11:32.319697 2023] [ssl:warn] [pid 9616] AH01909: 10.1.1.2:4434:0 server certificate does NOT include an ID which matches the server name
[Thu Dec 21 11:11:32.321988 2023] [mpm_prefork:notice] [pid 9616] AH00163: CPWS/2.4.53 (Unix) OpenSSL/1.1.1n configured -- resuming normal operations
[Thu Dec 21 11:11:32.322029 2023] [core:notice] [pid 9616] AH00094: Command line: '/web/cpshared/web/Apache/2.2.0/bin/httpd2 -f /web/conf/httpd2.conf -D FOREGROUND'

 

0 Kudos
the_rock
Legend
Legend
‎2023-12-21 04:58 AM
Jump to solution

Open gateway object in smart console and make sure that platform portal tab shows correct port. Also, confirm its not default policy blocking it by running fw stat from expert mode of the firewall ssh session. 

Alternatively, you can check from clich by running show web ssl-port

Andy

Moudar
Advisor
‎2023-12-21 05:12 AM
In response to the_rock
Jump to solution

OK, that solved my problem.

https://10.1.1.2:4434 would lead to the gateway's GUI

But I still wonder why it was working without the port 4434 all the time but suddenly it now needs the port 

0 Kudos
the_rock
Legend
Legend
‎2023-12-21 05:14 AM
In response to Moudar
Jump to solution

It does NOT need a custom port and personally, its hard for me to believe it worked before with a different port, even if policy was unloaded to allow everything. I would say, and this is just me, its probably best to leave it as custom port, since 443 is used by default for many vpn functions, so better to avoid any conflicts.

Best,

Andy

0 Kudos
Moudar
Advisor
‎2023-12-21 05:33 AM
In response to the_rock
Jump to solution

It worked before like this: https://10.1.1.1

No ports needed to be added!

0 Kudos
the_rock
Legend
Legend
‎2023-12-21 05:34 AM
In response to Moudar
Jump to solution

You are welcome to change, but personally, I would not bother for reasons I mentioned, but up to you.

Best,

Andy

0 Kudos
Tal_Paz-Fridman
Employee
Employee
‎2023-12-21 05:18 AM
In response to Moudar
Jump to solution

Did you enable Endpoint Policy Management? that might change the default Gaia Portal port.

0 Kudos
the_rock
Legend
Legend
‎2023-12-21 05:27 AM
In response to Tal_Paz-Fridman
Jump to solution

Hey Tal,

Are you sure about that? I just tested it on both gw and mgmt in the lab and never changed the web UI port number.

Best,

Andy

0 Kudos
Tal_Paz-Fridman
Employee
Employee
‎2023-12-21 05:54 AM
In response to the_rock
Jump to solution

In older version it changed the default port from 443 to 4434:

https://sc1.checkpoint.com/documents/R81.20/SmartEndpoint_OLH/EN/Content/Topics-EPSG-R81.20/Connecti...

0 Kudos
the_rock
Legend
Legend
‎2023-12-21 05:56 AM
In response to Tal_Paz-Fridman
Jump to solution

K, got it. Maybe mine did not make any difference as version is R81.20 jumbo 41 (the latest)

Best,

Andy

0 Kudos
Moudar
Advisor
‎2023-12-21 05:35 AM
In response to Tal_Paz-Fridman
Jump to solution

no Endpoint Policy Management was enabled

0 Kudos

Leaderboard

Epsum factorial non deposit quid pro quo hic escorol.

View All ≫
Upcoming Events

    Sort by:
    CheckMates Events