This website uses Cookies. Click Accept to agree to our website's cookie use as described in our Privacy Policy. Click Preferences to customize your cookie settings.
Accept
Reject
Preferences
ABOUT CHECKMATES CYBER SECURITY COMMUNITY & FAQ
Create a Post
Help
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

Are you a member of CheckMates?

×
Sign in with your Check Point UserCenter/PartnerMap account to access more great content and get a chance to win some Apple AirPods! If you don't have an account, create one now for free!
Mahadevan
Contributor
‎2022-11-04 01:16 AM

Unable to access Checkpoint Server/API from different system in same LAN network

Hello All,

Installed Checkpoint R81 server and able to access web UI only from the system where it is installed and not from other system in same LAN network.

Also we are trying to access Checkpoint server through API. It is accessible from the server system but not from other systems in same network. Command which we are using to access is listed below. 


curl --insecure -XPOST "https://X.X.X.X:443/web_api/login" --data-binary "{\"user\": \"admin\", \"password\": \"XXXXX\"}" -H "Content-Type: application/json"

 

But we are getting Operation timed out.  

We have also set All IP Address in Management API settings and restarted the API. 

Please let us know if we have to change any settings ? Your assist will be of great help to us. 

Thanks 

0 Kudos
12 Replies
_Val_
Admin
Admin
‎2022-11-04 02:31 AM

Management or GW, or standalone? Looks like a connectivity issue. If this is a GW, try unload local policy (fw unloadlocal)

If management, check the routing and network settings.

Mahadevan
Contributor
‎2022-11-04 03:07 AM
In response to _Val_

Hello Val,

It is Standalone and We have set Host Access and Client GUI as "any" 

We are still facing the issue. Any specific configuration or settings to change so we can access web ui and API from other system in same network?

Your guide will be of great help to us.
 

0 Kudos
_Val_
Admin
Admin
‎2022-11-04 03:10 AM
In response to Mahadevan

As I said, try unloading the policy. If that does not help, check you have connectivity to the server at all. It is a basic networking issue, most probably

0 Kudos
srinidhi
Participant
‎2022-11-06 08:14 PM
In response to _Val_

Hi, Thanks,

I have tried unloading the policy, still it dint work, 

also connectivity to the server looks fine, it works when pinging the server from any other machine.

Please let me know, if I am missing anything. 

0 Kudos
Chris_Atkinson
MVP Gold CHKP MVP Gold CHKP
MVP Gold CHKP
‎2022-11-07 01:53 AM
In response to srinidhi

What do you see in a tcpdump / packet capture?

CCSM R77/R80/ELITE
0 Kudos
Mahadevan
Contributor
‎2022-11-08 12:26 AM
In response to Chris_Atkinson

Hello Chris, 

As you Suggested, We did the tcpdump and are able to see ICMP and connection only but not HTTP related requests

But our priority is we are unable to connect to Checkpoint Management server using HTTP request from different system even after setting up a policy to connect to the server from any IP address.

Also we are able to ping to Checkpoint from all the systems. But when we try with HTTP request, It says failed to readch network.

Could you please let us know if there is any configuration to be made in the Checkpoint so we can access web portal from all the systems in our Environment. 

0 Kudos
Bob_Zimmerman
MVP Gold
MVP Gold
‎2022-11-08 05:34 AM
In response to Mahadevan

If you don't see the HTTP traffic in a tcpdump captured on the device, that means one of two things. Either the client isn't sending it (e.g, some web filtering application like Zscaler is preventing the request from going out), OR the client is sending it somewhere else (e.g, the client is trying to use a proxy server).

Neither case is something you can fix on the Check Point side. They're client-side problems.

0 Kudos
PhoneBoy
Admin
Admin
‎2022-11-08 05:45 AM
In response to Mahadevan

Is there an ARP entry for the management on the client you are attempting to access from?
What precisely do you see in tcpdump when you ping and/or use HTTPS:

  • Don’t see ICMP or HTTPS
  • See ICMP, but not HTTPS
  • Something else (please explain)

This really sounds like something on your LAN is filtering traffic.

0 Kudos
Hugo_vd_Kooij
MVP Gold
MVP Gold
‎2022-11-10 11:03 PM
In response to PhoneBoy

NSX-T comes to mind as something people may overlook. If you have strict policies there they are most likely blocking your access.

<< We make miracles happen while you wait. The impossible jobs take just a wee bit longer. >>
0 Kudos
Chris_Atkinson
MVP Gold CHKP MVP Gold CHKP
MVP Gold CHKP
‎2022-11-08 06:20 AM
In response to Mahadevan

Any proxy settings involved on the client PC, are local networks/URLs excluded?

CCSM R77/R80/ELITE
0 Kudos
Mahadevan
Contributor
‎2022-11-09 02:02 AM
In response to Chris_Atkinson

Hi Chris,

Just want to Check one thing quick, In Checkpoint configuration, Do we have to define any NAT settings so we can access Checkpoint server UI from External Network ?

Please let us know so we do not consider NAT settings as our Blocker ?

Thanks again

0 Kudos
Chris_Atkinson
MVP Gold CHKP MVP Gold CHKP
MVP Gold CHKP
‎2022-11-09 02:41 AM
In response to Mahadevan

Possibly but it's not check point specific (normal networking) and entirely depends on the source/destination IPs involved.

CCSM R77/R80/ELITE
0 Kudos

Leaderboard

Epsum factorial non deposit quid pro quo hic escorol.

View All ≫
Upcoming Events

    Sort by:
    CheckMates Events