Mahadevan
Contributor

Unable to access Checkpoint Server/API from different system in same LAN network

Hello All,

We installed a Checkpoint R81 server and are able to access the web UI only from the system where it is installed, not from other systems in the same LAN.

Also, we are trying to access the Checkpoint server through the API. It is accessible from the server system but not from other systems in the same network. The command we are using is listed below.

curl --insecure -XPOST "https://X.X.X.X:443/web_api/login" --data-binary "{\"user\": \"admin\", \"password\": \"XXXXX\"}" -H "Content-Type: application/json"

But we are getting "Operation timed out".

We have also set All IP Address in Management API settings and restarted the API.

Please let us know if we have to change any settings. Your assistance will be of great help to us.

Thanks 

0 Kudos
12 Replies
_Val_
Admin

Management or GW, or standalone? Looks like a connectivity issue. If this is a GW, try unloading the local policy (fw unloadlocal).

If management, check the routing and network settings.

Mahadevan
Contributor

Hello Val,

It is standalone, and we have set Host Access and Client GUI to "any".

We are still facing the issue. Are there any specific configuration or settings to change so we can access the web UI and API from other systems in the same network?

Your guidance will be of great help to us.

0 Kudos
_Val_
Admin

As I said, try unloading the policy. If that does not help, check that you have connectivity to the server at all. It is a basic networking issue, most probably.

0 Kudos
srinidhi
Participant

Hi, Thanks,

I have tried unloading the policy, but it still didn't work.

Also, connectivity to the server looks fine; it works when pinging the server from any other machine.

Please let me know if I am missing anything.

0 Kudos
Chris_Atkinson
Employee

What do you see in a tcpdump / packet capture?

CCSM R77/R80/ELITE
0 Kudos
Mahadevan
Contributor

Hello Chris, 

As you suggested, we did the tcpdump and are able to see ICMP and connection only, but not HTTP-related requests.

But our priority is that we are unable to connect to the Checkpoint Management server using an HTTP request from a different system, even after setting up a policy to connect to the server from any IP address.

Also, we are able to ping Checkpoint from all the systems. But when we try with an HTTP request, it says failed to reach network.

Could you please let us know if there is any configuration to be made in Checkpoint so we can access the web portal from all the systems in our environment?

0 Kudos
Bob_Zimmerman
Authority

If you don't see the HTTP traffic in a tcpdump captured on the device, that means one of two things. Either the client isn't sending it (e.g., some web filtering application like Zscaler is preventing the request from going out), OR the client is sending it somewhere else (e.g., the client is trying to use a proxy server).

Neither case is something you can fix on the Check Point side. They're client-side problems.

0 Kudos
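The two client-side cases described in the reply above can be told apart from the client itself. The following is an added example, not part of the original thread and not Check Point code: it checks whether the proxy environment variables (the ones curl reads) would divert a request for the management IP, then tries only the TCP handshake on port 443. Assumptions: NO_PROXY matching follows Python's urllib rules, browser or PAC proxy settings are not inspected, and 192.0.2.10 is a placeholder address.

```python
import os
import socket
import sys
import urllib.request


def proxy_route(host, env=None):
    """Proxy URL an HTTPS request to `host` would be handed to, or None if sent direct."""
    env = os.environ if env is None else env
    lowered = {k.lower(): v for k, v in env.items() if v}
    proxy = lowered.get("https_proxy") or lowered.get("all_proxy")
    if not proxy:
        return None
    # urllib's NO_PROXY rules: exact or suffix match, "*" bypasses everything.
    bypass = urllib.request.proxy_bypass_environment(host, {"no": lowered.get("no_proxy", "")})
    return None if bypass else proxy


def tcp_probe(host, port=443, timeout=3.0):
    """Attempt only the TCP handshake, so TLS and the API are out of the picture."""
    try:
        with socket.create_connection((host, port), timeout=timeout):
            return "open"
    except socket.timeout:
        return "timeout"
    except ConnectionRefusedError:
        return "refused"
    except OSError:
        return "unreachable"


def diagnose(host, port=443, env=None, probe=tcp_probe):
    """Return (verdict, hint) for the 'ping works, HTTPS does not' symptom."""
    proxy = proxy_route(host, env)
    if proxy:
        return "proxied", f"request is handed to {proxy}, not {host}; exclude {host} from the proxy"
    state = probe(host, port)
    if state == "open":
        return "reachable", "handshake completed from this client; look above TCP"
    if state == "refused":
        return "refused", "an RST came back, so the SYN was answered; compare with tcpdump on the server"
    return "filtered", f"{state}: no answer to the SYN; if the server capture shows no SYN, it is dropped before arriving"


if __name__ == "__main__":
    # 192.0.2.10 is a documentation address standing in for the management IP (assumption).
    target = sys.argv[1] if len(sys.argv) > 1 else "192.0.2.10"
    print(*diagnose(target), sep=": ")
```

A "filtered" verdict on the client combined with no SYN on port 443 in the server-side capture points at something between the two hosts rather than at the management server.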
PhoneBoy
Admin

Is there an ARP entry for the management on the client you are attempting to access from?
What precisely do you see in tcpdump when you ping and/or use HTTPS:

  • Don’t see ICMP or HTTPS
  • See ICMP, but not HTTPS
  • Something else (please explain)

This really sounds like something on your LAN is filtering traffic.

0 Kudos
Hugo_vd_Kooij
Advisor

NSX-T comes to mind as something people may overlook. If you have strict policies there they are most likely blocking your access.

<< We make miracles happen while you wait. The impossible jobs take just a wee bit longer. >>
0 Kudos
Chris_Atkinson
Employee

Any proxy settings involved on the client PC, are local networks/URLs excluded?

CCSM R77/R80/ELITE
0 Kudos
Mahadevan
Contributor

Hi Chris,

Just want to check one thing quickly: in the Checkpoint configuration, do we have to define any NAT settings so we can access the Checkpoint server UI from an external network?

Please let us know, so we do not consider NAT settings as our blocker.

Thanks again

0 Kudos
Chris_Atkinson
Employee

Possibly, but it's not Check Point specific (normal networking) and entirely depends on the source/destination IPs involved.

CCSM R77/R80/ELITE
0 Kudos
