Solved: Re: Unable to access ICA management tool

PJ_WONG · ‎2025-06-30

Hi Checkmates,

I am exploring on downloading the certificates for all remote access users in the AD, and I found that ICA management tool might help.

Already followed sk30501 to setup, and managed to telnet to port 18265, but the web access is not working. (As attached image)

What might be missing there? Any help will be appreciated.

Thanks.

the_rock · ‎2025-06-30

Weird, just tried it on 2 R82 mgmt servers, same issue...one way to "fix" it using below command, but then no ssl and you can access it on http://ip_address:18265

cpca_client set_mgmt_tool on -no_ssl

Andy

View solution in original post

PhoneBoy · ‎2025-06-30

Access to the ICA Web Portal requires certificate-based authentication.
This must be set up: https://support.checkpoint.com/results/sk/sk30501

the_rock · ‎2025-06-30

Yes, make sure you follow all the steps from the sk.

Andy

the_rock · ‎2025-06-30

Weird, just tried it on 2 R82 mgmt servers, same issue...one way to "fix" it using below command, but then no ssl and you can access it on http://ip_address:18265

cpca_client set_mgmt_tool on -no_ssl

Andy

the_rock · ‎2025-06-30

@PJ_WONG

I take that back. On upgraded lab mgmt from R81.20 to R82, I had to do ssl off command to make it work, BUT, on clean R82, sk worked fine.

Andy

Lesley · ‎2025-06-30

Make sure that 18265 is allowed by firewall policy and you see traffic in logs.

Also if the HTTPS is not working try http as stated by the_rock above.

I always have trouble and sometimes I need to change it to http

-------
If you like this post please give a thumbs up(kudo)! 🙂

the_rock · ‎2025-06-30

Since July 1st is Canada day, will compare the rules Wednesday 🙂

But definitely good point Lesley.

Andy

PJ_WONG · ‎2025-07-01

With the certificate and ssl disabled, the ICA is working fine.

Appreciate all the help on this.

the_rock · ‎2025-07-01

Np! Still, personally, I find that only somewhat OK workaround, not a solution. Will see if I can fix it in non working lab with ssl on.

Andy

the_rock · ‎2025-07-02

I thought maybe its rule problem, but definitely not. I even added a rule, though one already existed to allow anything from my vm subnet to anything mgmt/fw, but even with specific rule allowing https, and all ssl services, no dice, still fails with ssl on, very odd.

Other clean R81.20 or clean R82 mgmt works no issues. ONLY upgraded mgmt from R81.20 to R82 fails, sorry mate, I tried. But, I dont give up easily, will keep trying, probably do some captures and see what gives. I will update you.

Andy

the_rock · ‎2025-07-02

@PJ_WONG

Since this was really bugging me, I installed R81.20 mgmt in the lab, set this up, worked fine, upgraded, worked fine as well. So conclusion is that something was broken, for sure, when my current R81.20 lab mgmt was upgraded to R82. Steps in the sk are 100% correct.

Cheers,

Andy

PJ_WONG · ‎2025-07-02

Hi Andy,

Thanks for trying out, my management is not in clean state either, as it is using database from migrate import.

Yes, it seems like ICA can have some issue, then we could just use http.

the_rock · ‎2025-07-03

I will still keep trying, but cant promise I will make it work. If I do, will be happy to let you know how : - )

Andy

Are you a member of CheckMates?

Unable to access ICA management tool