This website uses Cookies. Click Accept to agree to our website's cookie use as described in our Privacy Policy. Click Preferences to customize your cookie settings.
Accept
Reject
Preferences
ABOUT CHECKMATES CYBER SECURITY COMMUNITY & FAQ
Create a Post
Help
cancel
Turn on suggestions
Showing results for 
Search instead for 
Did you mean: 

Are you a member of CheckMates?

×
Sign in with your Check Point UserCenter/PartnerMap account to access more great content and get a chance to win some Apple AirPods! If you don't have an account, create one now for free!
--JayJay--
Participant
‎2018-08-31 12:32 PM

get interfaces operation failed

While adding a gateway to a management station the gateway is added , but without interfaces and topology and an error message when establishing trust between management station (SMS) and gateway (GW).

The trust relationship between SMS and GW is showing an error:

"Failed to connect to GW (IP Address: '...').
Please make sure Check Point Services are running on GW, and trust has been established".

But the trust is nevertheless established as this is showing on the General Properties tab of the GW in the SMS / Smart Console (Green tick mark).

And "Test SIC status" button press results in : "SIC Status for GW: Communicating"

And as stated above , in the SMS, the GW is missing interfaces. 

Get interfaces (with or without topology) in the SmartConsole, results in the error:

"get interfaces operation failed for .... (IP of gateway)".

Version R80.10.

Connection to GW is working for both ssh and https.

0 Kudos
10 Replies
Vladimir
Champion
Champion
‎2018-08-31 01:44 PM

Try to perform "fw unloadlocal" on the gateway and repeat the "Get Interfaces".

Although the topology extraction should work with SIC in a good state.

Have you perchance changed any of the Global Properties?

Additionally, if this is a remote gateway, such as at one of the branches of the bank or a retail location, please make sure that your SMS is statically NATed and is not simply hiding behind local gateway's external IP.

0 Kudos
--JayJay--
Participant
‎2018-08-31 02:07 PM
In response to Vladimir

Did the "fw unloadlocal" and after that another "Get interfaces", but with same result.

"Failed to connect to GW (IP Address: '...').
Please make sure Check Point Services are running on GW, and trust has been established".

The management server is in use for some years  and has similar gateways (indeed remote/branch) added in the past, with  NAT setting "hiding behind local gateway's external IP" ticked on the gateway.

The global properties have not been changed recently but are not default.

 

0 Kudos
--JayJay--
Participant
‎2018-09-01 12:13 AM
In response to Vladimir

The management station's gateway has static NAT configured with external IP address on the NAT tab , 

On the same tab/page, in the "install on gateway"-box a dummy gateway is selected.

(The dummy gateway is configured elsewhere in the SMS).

On the same NAT tab/page, the  "Apply for Security gateway control connections" box is ticked.

Would manualy added interfaces (for this GW, in SMS) lead to any drawback?

0 Kudos
PhoneBoy
Admin
Admin
‎2018-09-01 08:08 PM
In response to --JayJay--

The main reason to "fetch" the interfaces is to reduce the risk of a potential configuration error, especially with respect to Anti-Spoofing.

Otherwise, it's ok to define them manually.

0 Kudos
PhoneBoy
Admin
Admin
‎2018-08-31 02:11 PM

Maybe some general troubleshooting of SIC?

How to troubleshoot SIC 

0 Kudos
_Val_
Admin
Admin
‎2018-09-03 01:13 AM

Although the commentators above suggested otherwise, SIC and fetching topology are unrelated.

SIC is performed by cpd on TCP, several 18XXX ports, and interfaces are fetched by fwd on a TCP port 256. Make sure fwd is running on the GW and port 256 is not blocked between MGMT and GW.

Jorn_Halsen_Luk
Explorer
‎2019-01-07 06:11 AM
In response to _Val_

Had the same problem. 

Allowing port 256 from SMS to the gateways solved the problem for me.

0 Kudos
Wei_Soon_Heng
Contributor
Contributor
‎2020-08-14 06:37 AM

Hi JayJay,

Did you solved the issue? 
I facing same error when try re-establish SIC connection using cp_conf command without restart service.

Thanks

0 Kudos
clear_ip_bgp
Explorer
‎2024-10-27 11:20 AM
In response to Wei_Soon_Heng

Hello doing the same and experience the same problem, how did you manage to resolve?

0 Kudos
Andrej_Kascak
Participant
‎2024-12-11 01:09 PM
In response to clear_ip_bgp

hello all,

In my case cpstop;cpstart did the trick.

0 Kudos

Leaderboard

Epsum factorial non deposit quid pro quo hic escorol.

View All ≫
Upcoming Events

    Sort by:
    CheckMates Events
    Top