Create a Post
cancel
Showing results for 
Search instead for 
Did you mean: 
Sagar_Manandhar
Advisor
Jump to solution

Unable to access WebGUI after policy install

hi,

i am being unable to access the Web GUI of firewall after i install the policy but works when fw unload local command is given to the firewall. i even tried to disable all the policy and place the any any allow rule at top and installed the policy but the problem remain the same.What may be the reason?

Regards,

Sagar Manandhar

0 Kudos
1 Solution

Accepted Solutions
Ofir_Shikolski
Employee
Employee

Please check the 'Platform Portal ' settings :

Platform Portal

What can I do here?

Configure the settings for accessing this portal.

Tell me about the fields

  • Main URL - The primary URL for the portal. You can use the same IP address for all of the portals with this variation:
    • SecurePlatform Web User interface - https://<main gateway IP address>/admin
    • Mobile Access Portal - https://<main gateway IP address>/sslvpn
    • DLP Portal - https://<main gateway IP address>/dlp

    You may choose to have the Mobile Access portal on an external IP address while others are on an internal IP address.

    Note - The Main URL field must be manually updated if:

    • The Main URL field contains an IP address and not a DNS name.
    • You change a gateway's IPv4 address to IPv6 or vice versa.
  • IP Address - Enter the IP address for the portal.
  • Aliases - Click the Aliases button to Add URL aliases that are redirected to the main portal URL. Aliases can be in clear (http://) and will redirect users to the secure portal over HTTPS. For example, portal.example.com can send users to the portal. To make the alias work, it must be resolved to the main URL on your DNS server.
  • Certificate - Click Import to import a p12 certificate for the portal website to use. If you do not import a certificate, the portal uses a Check Point auto-generated certificate. This might cause browser warnings if the browser does not recognize the Security Gateway management. All portals on the same IP address use the same certificate.
  • Accessibility - Click Edit to select from where the portal can be accessed. The options are based on the topology configured for the Security Gateway.

    The portal is accessible through these interfaces:

    • Through all interfaces
    • Through internal interfaces
      • Including undefined internal interfaces
      • Including DMZ internal interfaces
      • Including VPN encrypted interfaces
    • According to the Firewall policy - Select this if there is a rule that states who can access the portal.

Getting Here

Getting Here -

  • Select or create new Security Gateway > Gateway Properties window > Platform Portal

View solution in original post

2 Replies
Ofir_Shikolski
Employee
Employee

Please check the 'Platform Portal ' settings :

Platform Portal

What can I do here?

Configure the settings for accessing this portal.

Tell me about the fields

  • Main URL - The primary URL for the portal. You can use the same IP address for all of the portals with this variation:
    • SecurePlatform Web User interface - https://<main gateway IP address>/admin
    • Mobile Access Portal - https://<main gateway IP address>/sslvpn
    • DLP Portal - https://<main gateway IP address>/dlp

    You may choose to have the Mobile Access portal on an external IP address while others are on an internal IP address.

    Note - The Main URL field must be manually updated if:

    • The Main URL field contains an IP address and not a DNS name.
    • You change a gateway's IPv4 address to IPv6 or vice versa.
  • IP Address - Enter the IP address for the portal.
  • Aliases - Click the Aliases button to Add URL aliases that are redirected to the main portal URL. Aliases can be in clear (http://) and will redirect users to the secure portal over HTTPS. For example, portal.example.com can send users to the portal. To make the alias work, it must be resolved to the main URL on your DNS server.
  • Certificate - Click Import to import a p12 certificate for the portal website to use. If you do not import a certificate, the portal uses a Check Point auto-generated certificate. This might cause browser warnings if the browser does not recognize the Security Gateway management. All portals on the same IP address use the same certificate.
  • Accessibility - Click Edit to select from where the portal can be accessed. The options are based on the topology configured for the Security Gateway.

    The portal is accessible through these interfaces:

    • Through all interfaces
    • Through internal interfaces
      • Including undefined internal interfaces
      • Including DMZ internal interfaces
      • Including VPN encrypted interfaces
    • According to the Firewall policy - Select this if there is a rule that states who can access the portal.

Getting Here

Getting Here -

  • Select or create new Security Gateway > Gateway Properties window > Platform Portal
Hugo_vd_Kooij
Advisor

Some checks I would do:

  1. Verify listening ports with : netstat -na|more
  2. See what exactly happens to the session with : tcpdump -i any -n -l port not 22
    1. Assuming you use SSH to connect to the unit and don't have too much else going over this firewall.
  3. Go over all the Error log files to see if anything stands out.

And the setting above is relevant but it should show up in my first check.

<< We make miracles happen while you wait. The impossible jobs take just a wee bit longer. >>

Leaderboard

Epsum factorial non deposit quid pro quo hic escorol.

Upcoming Events

    CheckMates Events