This website uses Cookies. Click Accept to agree to our website's cookie use as described in our Privacy Policy. Click Preferences to customize your cookie settings.
Accept
Reject
Preferences
ABOUT CHECKMATES CYBER SECURITY COMMUNITY & FAQ
Create a Post
Help
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

Are you a member of CheckMates?

×
Sign in with your Check Point UserCenter/PartnerMap account to access more great content and get a chance to win some Apple AirPods! If you don't have an account, create one now for free!
P_Williams
Contributor
‎2025-01-31 03:40 AM
Jump to solution

View past revisions via CLI on old SMS

Hi,

We upgraded our SMS in the autumn 2024 and as luck would have it a request has come in about an access policy revision that was made in the summer. As far as I can see the new SMS box only has the revisions from when it went live.

I came across this thread on Checkmates

I have fired up the old SMS (r80.40) and attempted to run the commands mentioned but have had no luck

# mgmt_cli show sessions --port 4434
Username: admin
Password:
code: "generic_error"
message: "Runtime error: Marshalling Error: Connection refused (Connection refused)"

 

# mgmt_cli show sessions view-published-settings true --port 4434
Username: admin
Password:
code: "generic_error"
message: "Runtime error: Marshalling Error: Connection refused (Connection refused)"

I dont know if the mgmt_cli show sessions view-published-settings true --port 4434 is correct, or if the 'Marshalling Error...' is the sign of a bigger issue?

Its not the end of the world if I cant get this revision info, maybe I can just get them off the new SMS?

0 Kudos
2 Solutions

Accepted Solutions
Hugo_vd_Kooij
Leader
Leader
‎2025-01-31 04:35 AM
In response to P_Williams
Jump to solution

Can't help but notice that this is not a good sign:

CPM Stopped
FWM Stopped

So as long as that is the issue I would make sure you get the system up and running.

<< We make miracles happen while you wait. The impossible jobs take just a wee bit longer. >>

View solution in original post

the_rock
Legend
Legend
‎2025-01-31 04:39 AM
In response to P_Williams
Jump to solution

That is your issue, for sure. FWM shows not running...this is what it would look like if all worked fine. Maybe try cprestart or reboot. E 1 means its estanlished and started once, but if it shows T 0 for say fwm, command will never work right.

Andy

[Expert@CP-MANAGEMENT:0]# cpwd_admin list
APP PID STAT #START START_TIME MON COMMAND
CPVIEWD 5363 E 1 [14:42:59] 15/1/2025 N cpviewd
CPVIEWS 5390 E 1 [14:42:59] 15/1/2025 N cpview_services
CVIEWAPIS 5395 E 1 [14:42:59] 15/1/2025 N cpview_api_service
MSGD 5409 E 1 [14:42:59] 15/1/2025 Y msgd
CPD 5415 E 1 [14:42:59] 15/1/2025 Y cpd
FWD 5480 E 1 [14:42:59] 15/1/2025 N fwd -n
FWM 5486 E 1 [14:42:59] 15/1/2025 N fwm
FWMHA 5505 E 1 [14:42:59] 15/1/2025 N fwmha -H
STPR 5539 E 1 [14:42:59] 15/1/2025 N status_proxy
CLOUDGUARD 5576 E 1 [14:42:59] 15/1/2025 N vsec_controller_start
CPM 5886 E 1 [14:43:00] 15/1/2025 N /opt/CPsuite-R81.20/fw1/scripts/cpm.sh -s
SOLR 6154 E 1 [14:43:00] 15/1/2025 N java_solr
RFL 6195 E 1 [14:43:00] 15/1/2025 N LogCore
SMARTVIEW 6243 E 1 [14:43:00] 15/1/2025 N SmartView
INDEXER 6363 E 1 [14:43:01] 15/1/2025 N /opt/CPrt-R81.20/log_indexer/log_indexer -workingDir /opt/CPrt-R81.20/log_indexer/
SMARTLOG_SERVER 6434 E 1 [14:43:01] 15/1/2025 N /opt/CPSmartLog-R81.20/smartlog_server
REPMAN 6916 E 1 [14:43:02] 15/1/2025 N java_repository_manager
DASERVICE 6926 E 1 [14:43:02] 15/1/2025 N DAService_script
AUTOUPDATER 6970 E 1 [14:43:02] 15/1/2025 N AutoUpdaterService.sh
LPD 28026 E 1 [14:44:09] 15/1/2025 N lpd
CPSM 8975 E 1 [14:45:34] 15/1/2025 N cpstat_monitor
[Expert@CP-MANAGEMENT:0]# api status

API Settings:
---------------------
Accessibility: Require all granted
Automatic Start: Enabled

Processes:

Name State PID More Information
-------------------------------------------------
API Started 5886
CPM Started 5886 Check Point Security Management Server is running and ready
FWM Started 5486
APACHE Started 4394

Port Details:
-------------------
JETTY Internal Port: 59079
JETTY Documentation Internal Port: 52413
APACHE Gaia Port: 443

Profile:
-------------------
Machine profile: Large SMC env resources profile without SME
CPM heap size: 1280m

Apache port retrieved from: dbget http:ssl_port


--------------------------------------------
Overall API Status: Started
--------------------------------------------

API readiness test SUCCESSFUL. The server is up and ready to receive connections

Notes:
------------
To collect troubleshooting data, please run 'api status -s <comment>'

[Expert@CP-MANAGEMENT:0]#

View solution in original post

0 Kudos
10 Replies
Hugo_vd_Kooij
Leader
Leader
‎2025-01-31 03:45 AM
Jump to solution

The first thing to check is the output of `api status`.

<< We make miracles happen while you wait. The impossible jobs take just a wee bit longer. >>
0 Kudos
P_Williams
Contributor
‎2025-01-31 04:00 AM
In response to Hugo_vd_Kooij
Jump to solution

Hi, output below, I had already started the api,

# api status

API Settings:
---------------------
Accessibility: Require ip 127.0.0.1
Automatic Start: Enabled

Processes:

Name State PID More Information
-------------------------------------------------
API Started 1779
CPM Stopped
FWM Stopped
APACHE Started 3907

Port Details:
-------------------
JETTY Internal Port: 50276
APACHE Gaia Port: 4434 (a non-default port)
When running mgmt_cli commands add '--port 4434'
When using web-services, add port 4434 to the URL

Profile:
------------
Machine profile: Large SMC env resources profile without SME
CPM heap size:
API heap size: 256m

 

--------------------------------------------
Overall API Status: Error : FWM Is Not Running!
--------------------------------------------

0 Kudos
the_rock
Legend
Legend
‎2025-01-31 04:04 AM
In response to P_Williams
Jump to solution

@AkosBakos is 100% correct. If you use any other port than 443, those commands wont work. I tested this theorty in R80.20,30,40 and also R81.10 and R81.20. Never tried it in R82, but Im almost positive it would be the same.

Change web port to 443 and it will work.

Andy

0 Kudos
Hugo_vd_Kooij
Leader
Leader
‎2025-01-31 04:35 AM
In response to P_Williams
Jump to solution

Can't help but notice that this is not a good sign:

CPM Stopped
FWM Stopped

So as long as that is the issue I would make sure you get the system up and running.

<< We make miracles happen while you wait. The impossible jobs take just a wee bit longer. >>
the_rock
Legend
Legend
‎2025-01-31 04:39 AM
In response to P_Williams
Jump to solution

That is your issue, for sure. FWM shows not running...this is what it would look like if all worked fine. Maybe try cprestart or reboot. E 1 means its estanlished and started once, but if it shows T 0 for say fwm, command will never work right.

Andy

[Expert@CP-MANAGEMENT:0]# cpwd_admin list
APP PID STAT #START START_TIME MON COMMAND
CPVIEWD 5363 E 1 [14:42:59] 15/1/2025 N cpviewd
CPVIEWS 5390 E 1 [14:42:59] 15/1/2025 N cpview_services
CVIEWAPIS 5395 E 1 [14:42:59] 15/1/2025 N cpview_api_service
MSGD 5409 E 1 [14:42:59] 15/1/2025 Y msgd
CPD 5415 E 1 [14:42:59] 15/1/2025 Y cpd
FWD 5480 E 1 [14:42:59] 15/1/2025 N fwd -n
FWM 5486 E 1 [14:42:59] 15/1/2025 N fwm
FWMHA 5505 E 1 [14:42:59] 15/1/2025 N fwmha -H
STPR 5539 E 1 [14:42:59] 15/1/2025 N status_proxy
CLOUDGUARD 5576 E 1 [14:42:59] 15/1/2025 N vsec_controller_start
CPM 5886 E 1 [14:43:00] 15/1/2025 N /opt/CPsuite-R81.20/fw1/scripts/cpm.sh -s
SOLR 6154 E 1 [14:43:00] 15/1/2025 N java_solr
RFL 6195 E 1 [14:43:00] 15/1/2025 N LogCore
SMARTVIEW 6243 E 1 [14:43:00] 15/1/2025 N SmartView
INDEXER 6363 E 1 [14:43:01] 15/1/2025 N /opt/CPrt-R81.20/log_indexer/log_indexer -workingDir /opt/CPrt-R81.20/log_indexer/
SMARTLOG_SERVER 6434 E 1 [14:43:01] 15/1/2025 N /opt/CPSmartLog-R81.20/smartlog_server
REPMAN 6916 E 1 [14:43:02] 15/1/2025 N java_repository_manager
DASERVICE 6926 E 1 [14:43:02] 15/1/2025 N DAService_script
AUTOUPDATER 6970 E 1 [14:43:02] 15/1/2025 N AutoUpdaterService.sh
LPD 28026 E 1 [14:44:09] 15/1/2025 N lpd
CPSM 8975 E 1 [14:45:34] 15/1/2025 N cpstat_monitor
[Expert@CP-MANAGEMENT:0]# api status

API Settings:
---------------------
Accessibility: Require all granted
Automatic Start: Enabled

Processes:

Name State PID More Information
-------------------------------------------------
API Started 5886
CPM Started 5886 Check Point Security Management Server is running and ready
FWM Started 5486
APACHE Started 4394

Port Details:
-------------------
JETTY Internal Port: 59079
JETTY Documentation Internal Port: 52413
APACHE Gaia Port: 443

Profile:
-------------------
Machine profile: Large SMC env resources profile without SME
CPM heap size: 1280m

Apache port retrieved from: dbget http:ssl_port


--------------------------------------------
Overall API Status: Started
--------------------------------------------

API readiness test SUCCESSFUL. The server is up and ready to receive connections

Notes:
------------
To collect troubleshooting data, please run 'api status -s <comment>'

[Expert@CP-MANAGEMENT:0]#

0 Kudos
P_Williams
Contributor
‎2025-01-31 04:54 AM
In response to the_rock
Jump to solution

Ye that was the issue, cprestart and CPM and FWM have now started and now it is showing the sessions.

Thank you everyone.

the_rock
Legend
Legend
‎2025-01-31 04:56 AM
In response to P_Williams
Jump to solution

Glad we can help you.

Have a nice weekend.

Andy

0 Kudos
AkosBakos
Mentor Mentor
Mentor
‎2025-01-31 04:00 AM
Jump to solution

Hi @P_Williams 

What is the reason of using port 4434?

This worked for me. Change the settings string to sessions

[Expert@mgmt-sakos-lab:0]# mgmt_cli show sessions view-published-sessions true
Username: admin
Password:
objects:
- uid: "eadc97e8-113a-435c-8931-31b94c25767c"
name: "admin@1/28/2025"
type: "session"
domain:
uid: "41e821a0-3720-11e3-aa6e-0800200c9fde"
name: "SMC User"
domain-type: "domain"

And the other command:

[Expert@mgmt-sakos-lab:0]# mgmt_cli show sessions
Username: admin
Password:
objects:
- uid: "517601d5-c7d4-4f0c-9c99-6622986305c4"
type: "session"
domain:
uid: "41e821a0-3720-11e3-aa6e-0800200c9fde"
name: "SMC User"
domain-type: "domain"
icon: "Objects/worksession"
color: "black"
from: 1
to: 1
total: 1

[Expert@mgmt-sakos-lab:0]#

Akos

----------------
\m/_(>_<)_\m/
0 Kudos
P_Williams
Contributor
‎2025-01-31 04:18 AM
In response to AkosBakos
Jump to solution

Hi,

I have changed the port to 443 (as per The_Rock advice)

APACHE Gaia Port: 443

And also changed the typo so it is now sessions, but still the same

# mgmt_cli show sessions view-published-sessions true
Username: admin
Password:
code: "generic_error"
message: "Runtime error: Marshalling Error: Connection refused (Connection refused)"

0 Kudos
the_rock
Legend
Legend
‎2025-01-31 04:21 AM
In response to P_Williams
Jump to solution

Here is example in my lab, maybe run 2nd command just to make sure it is indeed the right port. If it is, then I believe there is a separate problem.

Andy

[Expert@CP-MANAGEMENT:0]# mgmt_cli show sessions view-published-sessions true
Username: admin
Password:
objects:
- uid: "908732af-d4ad-429e-acb1-3e214f7c220d"
name: "admin@17-Jan-2025"
type: "session"
domain:
uid: "41e821a0-3720-11e3-aa6e-0800200c9fde"
name: "SMC User"
domain-type: "domain"
icon: "Objects/worksession"
color: "black"
from: 1
to: 1
total: 1

[Expert@CP-MANAGEMENT:0]# clish
CP-MANAGEMENT> show web ssl-por
CP-MANAGEMENT> show web ssl-port
web-ssl-port 443
CP-MANAGEMENT>

0 Kudos

Leaderboard

Epsum factorial non deposit quid pro quo hic escorol.

View All ≫
Upcoming Events

    Sort by:
    CheckMates Events