Unable to work with server or gateway objects

marki · ‎2025-12-30

When I right-click on "Edit" (or "View" for that matter) in Smartconsole "Gateways & Servers" view, nothing happens.

SmartConsole Portable 81.20.9700.673

Either it's related

* to Windows 11

* to not being an admin user

* to dependencies like C++ runtime

* to this: Note: Using the SmartConsole user settings requires "write" permissions for the Output sub-directory as well as admin permissions for legacy components (same as in installer mode).

Thoughts?

the_rock · ‎2025-12-30

If you are an admin and this happens, try cprestart on the mgmt server. Honestly, you can even reboot it, nothing would happen, as its management, so would not affect traffic, would simply disconnect if someone else is logged into smart console.

Best,
Andy
"Have a great day and if its not, change it"

marki · ‎2025-12-30

As I wrote, I am not an admin.

So that is the issue, ok.

I tried Web Smartconsole, but that doesn't seem to give me the ability to change QoS Policy... (also "Manage policies and layers" is just grayed out)

the_rock · ‎2025-12-30

It wont give that option, since you would not have read write permissions. Is your account read-only or you have custom permissions?

Best,
Andy
"Have a great day and if its not, change it"

marki · ‎2025-12-30

To be sure I was using the admin account (super user).

Does web smartconsole need permissions configured somewhere else?

or is this maybe not available in R81.20 (latest take of SC Web)

the_rock · ‎2025-12-30

No problems, does work, I just tested it. Can you send a screenshot?

Best,
Andy
"Have a great day and if its not, change it"

marki · ‎2025-12-30

Haha, ok..

What you currently require is always only in the next version 😉

the_rock · ‎2025-12-30

Haha, lol. Anyway, guess no choice then 🙂

Best,
Andy
"Have a great day and if its not, change it"

marki · ‎2025-12-30

Yeah no choice but to not update QoS policy.

Legacy editor launched for QoS config doesn't work without admin rights either 😞

the_rock · ‎2025-12-30

Are you not able to use standalone smart console?

Best,
Andy
"Have a great day and if its not, change it"

marki · ‎2025-12-30

No, for initial reason. (non-admin user)

the_rock · ‎2025-12-30

I suppose best thing is to have admin then make those changes.

Best,
Andy
"Have a great day and if its not, change it"

marki · ‎2025-12-30

That won't work. Impossible to explain to anyone that some configuration tools requires admin privs.

the_rock · ‎2025-12-30

Not sure what other option there is mate : - )

Best,
Andy
"Have a great day and if its not, change it"

marki · ‎2025-12-31

The other option is fixing the client so it doesn't require admin privs to use part of it.

the_rock · ‎2025-12-31

Lets see, hopefully at some point it will be available.

Happy New Year!

Best,
Andy
"Have a great day and if its not, change it"

Vincent_Bacher · ‎2026-01-02

This is very environment-dependent.

In environments with many administrators or large management databases, a restart can be disruptive and time-consuming.

Definitely something to think twice about before doing it.

and now to something completely different - CCVS, CCAS, CCTE, CCCS, CCSM elite

PhoneBoy · ‎2025-12-30

The installation/run requirements for Portable SmartConsole are here: https://support.checkpoint.com/results/sk/sk116158
This includes the requirement for the Output subdirectory being writable and admin permissions for legacy components (this refers to the Windows user running SmartConsole).

marki · ‎2025-12-31

Yeah but having requirements which make no sense does not impress any of our security guys actually which give admin permissions.

Will this be fixed?

PhoneBoy · ‎2025-12-31

I presume this will occur as the legacy components are re-implemented or replaced (e.g. in Web SmartConsole).

marki · ‎2026-01-02

Yeah, I guess it's a matter of priorities.

The AI Copilot button made it into the fat client in record time after all 😀

Not to mention the automatic update of the client which requires your admin station to be connected to the Internet....

Am I glad we have planned moving off of what's left of CP here until end of the year.

Lesley · ‎2026-01-02

*access to check point services

-------
Please press "Accept as Solution" if my post solved it 🙂

the_rock · ‎2026-01-02

Just remember though, its not always black and white picture, as the saying goes. I know people who moved off CP after many many years, because of specific problem that could not be solved, went to another vendor, all was fine for some time, then vulnerabilities started popping up, now they want to go back to CP real bad.

Something to think about.

Happy New Year!

Best,
Andy
"Have a great day and if its not, change it"

marki · ‎2026-01-02

It's not black-and-white at all.
There are many reasons.

First of all we're not a very big shop, and administering "dinosaur" CP on the side is no longer viable.

Then, we maybe open a case per year in average. A few years ago I was so frustrated with a case where they didn't understand anything at all. For the price this equipment and support costs that is not acceptable. Which is when I promised our sales guy we wouldn't renew. I tend to keep my promises.

I know support is **bleep** everywhere, but that doesn't mean no actions can be taken. Everyone gets a chance.

Concerning vulnerability issues, people say that CP simply doesn't disclose them. I don't know what reality is, but as long as you stay up-to-date and are not stupid enough to put your management interface on the Internet, you're probably generally safe.

We'll see.

Happy New Year! 😄

the_rock · ‎2026-01-02

I see what you are saying. Regardless what you guys decide, hope it all works out!

Best,
Andy
"Have a great day and if its not, change it"

Are you a member of CheckMates?

Unable to work with server or gateway objects