Unable to access Checkpoint Server/API from different system in same LAN network
Hello All,
Installed Checkpoint R81 server and able to access web UI only from the system where it is installed and not from other system in same LAN network.
Also we are trying to access Checkpoint server through API. It is accessible from the server system but not from other systems in same network. Command which we are using to access is listed below.
curl --insecure -XPOST "https://X.X.X.X:443/web_api/login" --data-binary "{\"user\": \"admin\", \"password\": \"XXXXX\"}" -H "Content-Type: application/json"
But we are getting Operation timed out.
We have also set All IP Address in Management API settings and restarted the API.
Please let us know if we have to change any settings. Your assistance will be of great help to us.
Thanks
Management or GW, or standalone? Looks like a connectivity issue. If this is a GW, try unload local policy (fw unloadlocal)
If management, check the routing and network settings.
Hello Val,
It is standalone and we have set Host Access and Client GUI as "any".
We are still facing the issue. Any specific configuration or settings to change so we can access web ui and API from other system in same network?
Your guide will be of great help to us.
As I said, try unloading the policy. If that does not help, check you have connectivity to the server at all. It is a basic networking issue, most probably.
Hi, Thanks,
I have tried unloading the policy, still it didn't work,
also connectivity to the server looks fine, it works when pinging the server from any other machine.
Please let me know, if I am missing anything.
What do you see in a tcpdump / packet capture?
Hello Chris,
As you suggested, we did the tcpdump and are able to see ICMP and connection only but not HTTP-related requests.
But our priority is we are unable to connect to Checkpoint Management server using HTTP request from different system even after setting up a policy to connect to the server from any IP address.
Also we are able to ping to Checkpoint from all the systems. But when we try with HTTP request, it says failed to reach network.
Could you please let us know if there is any configuration to be made in the Checkpoint so we can access web portal from all the systems in our Environment.
If you don't see the HTTP traffic in a tcpdump captured on the device, that means one of two things. Either the client isn't sending it (e.g., some web filtering application like Zscaler is preventing the request from going out), OR the client is sending it somewhere else (e.g., the client is trying to use a proxy server).
Neither case is something you can fix on the Check Point side. They're client-side problems.
Is there an ARP entry for the management on the client you are attempting to access from?
What precisely do you see in tcpdump when you ping and/or use HTTPS:
- Don’t see ICMP or HTTPS
- See ICMP, but not HTTPS
- Something else (please explain)
This really sounds like something on your LAN is filtering traffic.
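The triage asked for in the two replies above (no ICMP or HTTPS, ICMP but not HTTPS, something else), as an added example that is not part of the original thread: a shell function that reads `tcpdump -nn` text output captured on the management server and reports which case applies. The function name, result labels, file name and sample addresses are assumptions made for the example, and the `syn-unanswered` and `handshake` results go beyond the cases listed in the thread.

```shell
# Added example: classify `tcpdump -nn` text output taken on the management server.
# Assumes the default line layout: "<time> IP <src> > <dst>: <proto details>".
# On the server (capture file name is an assumption):
#   tcpdump -nn -r capture.pcap host "$CLIENT" | classify_capture "$CLIENT" "$SERVER"
classify_capture() {
    # $1 = client IP, $2 = server IP, $3 = TCP port (default 443)
    awk -v c="$1" -v s="$2" -v p="${3:-443}" '
        $2 != "IP" { next }
        {
            src = $3; dst = $5; sub(/:$/, "", dst)
            if ($6 == "ICMP") {               # ICMP lines show bare addresses
                if (src == c && dst == s && /echo request/) icmp = 1
                next
            }
            if ($6 != "Flags") next           # only TCP lines carry "Flags [..]"
            # TCP lines append ".port" to each address; split it off
            sport = src; sub(/.*\./, "", sport); sub(/\.[0-9]+$/, "", src)
            dport = dst; sub(/.*\./, "", dport); sub(/\.[0-9]+$/, "", dst)
            if (src == c && dst == s && dport == p && $7 == "[S],")  syn = 1
            if (src == s && dst == c && sport == p && $7 == "[S.],") synack = 1
        }
        END {
            if (synack)    print "handshake"       # TCP works; look above TCP
            else if (syn)  print "syn-unanswered"  # SYN arrives; look at the server
            else if (icmp) print "icmp-only"       # no SYN to the port reached the server
            else           print "nothing"         # no traffic from the client at all
        }
    '
}

# Constructed sample: ping arrives, no TCP/443 from the client (the case in this thread).
SAMPLE_ICMP_ONLY='12:00:01.000001 IP 192.0.2.10 > 192.0.2.1: ICMP echo request, id 7, seq 1, length 64
12:00:01.000090 IP 192.0.2.1 > 192.0.2.10: ICMP echo reply, id 7, seq 1, length 64'
printf '%s\n' "$SAMPLE_ICMP_ONLY" | classify_capture 192.0.2.10 192.0.2.1
```

`icmp-only` is the result the original poster described; the replies attribute it to the client or the LAN (proxy, web filter, in-path filtering) rather than to the Check Point side.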
NSX-T comes to mind as something people may overlook. If you have strict policies there they are most likely blocking your access.
Any proxy settings involved on the client PC, are local networks/URLs excluded?
Hi Chris,
Just want to check one thing quick. In Checkpoint configuration, do we have to define any NAT settings so we can access Checkpoint server UI from external network?
Please let us know so we do not consider NAT settings as our blocker.
Thanks again
Possibly, but it's not Check Point specific (normal networking) and entirely depends on the source/destination IPs involved.
