Create a Post
cancel
Showing results for 
Search instead for 
Did you mean: 

New! Web SmartConsole :)

Anat_Eytan-Davi
Employee Alumnus
Employee Alumnus
6 29 16K

With the 1st release of the Web SmartConsole you will be able to give your read-only users a web interface for the Security Management Server. View and search the list of gateways and servers, Objects, Security Policies, and logs, generate SmartEvent views and reports.

The detailed list of supported features and expected behavior is documented and will be updated in Web SmartConsole What's New

The Web SmartConsole will support more and more functionality as we go along.

New content will be released gradually and updated automatically on your Security Management Server (assuming you are connected to the internet and you have approved to get updates from Check Point). It will be also included in every R81 Jumbo Hotfix.

Next release will include read-write functionality, supporting the most common objects and actions.

Want to impact the development?

Tell us what you think!

What are the most common objects, views and actions you would like to see developed as soon as possible in the Web SmartConsole. We will do our best to prioritize your requests.

Start using the web SmartConsole

Or

  • Follow the below steps
    • Download mwc.tgz file from this post.
    • On a R81 Management Server navigate to: /opt/CPSuite-R81/fw1/webconsole
    • Upload the downloaded tgz file (mwc.tgz)
    • Run the command: /opt/CPsuite-R81/fw1/webconsole/mwc.sh restart

Following the above you can open the web browser and navigate to https://<managment-IP>/smartconsole

Waiting for your feedback: @esmatn , @Amiad_Stern , @Anat_Eytan-Davi 

29 Comments
AneesahConrad
Explorer

Service Unavailable

The server is temporarily unable to service your request due to maintenance downtime or capacity problems. Please try again later.

Is there a workaround to get the WebSmartconsole running on Gaia 3200 16GB RAM?
R81 T17 is the active operating system.

PhoneBoy
Admin
Admin

It's possible that we don't include this on a standalone gateway, at least not yet.

Maarten_Sjouw
Champion
Champion

@Anat_Eytan-Davi is it possible to change the access port for the WebSmartConsole?

Jeffrey_Fogel
Employee Alumnus
Employee Alumnus

@AneesahConrad Was the appliance upgraded or was it a clean install?  I was told, and confirmed in my lab, that it must be a clean install at this point for web smart console to work correctly. 

Anat_Eytan-Davi
Employee Alumnus
Employee Alumnus

The Web SmartConsole is included in the 1st R81 JHF, and also as a package you can download from the above link provided in this post.

the_rock
Legend
Legend

Im not sure if this is the right thread to ask this question...I keep getting conflicting reports as far as which smart console we should be using. Customer has cloud smart-1 management and some engineers say use web version, some say use standalone console. The problem is, if you download smart console from portal.checkpoint website, that does NOT work for smart endpoint, so you need portable smart console, which is literally 3 GB of space, so little annoying. If you keep using web smart console, it works mostly okay with google chrome, but not that well with other browsers...

 

Thought?

 

Tx

 

Andy

Anat_Eytan-Davi
Employee Alumnus
Employee Alumnus

Hi Andy,

I understand the confusion and I will try to provide a good explanation:

Smart-1 Cloud customers have two options for SmartConsole:

1. They can use the Web SmartConsole from Smart-1 Cloud portal (this is not the Web SmartConsole we are referring to in this thread), the Web SmartConsole from Smart-1 Cloud customers provides full functionality but isn't a native web development and is available only to Smart-1 Cloud customers

2, use the Windows SmartConsole, and we recommend to download the version from the portal as we adjusted some of the functionality, indeed, recently we have identified the conflict with the Smart EndPoint and we are working to resolve it - sorry for the inconvenient.

 

The New Web SmartConsole is for customers with local/on-prem management, it is a new development and the version we have released as part of R81 1st JHF is Read-Only, while gradually we will add more functionality, and the next planned release in few weeks will introduce read-write for common use-cases.

 

Anat.

the_rock
Legend
Legend

Thanks Anat,

 

For now, we keep using web console, the one available when you log into the portal and then open smart-1 instance. We find that using standalone version for cloud instance is causing problems.

 

Andy

JozkoMrkvicka
Authority
Authority

Even with total clean installation of R81 with latest Jumbo Take 17, the Web SmartConsole is not working.

Accessing https://<Management Server IP>/smartconsole will get following:

Service Unavailable

The server is temporarily unable to service your request due to maintenance downtime or capacity problems. Please try again later.

Issue solved by following:

[Expert@R81_MDS:0]# cd /opt/CPSuite-R81/fw1/webconsole/
[Expert@R81_MDS:0]# ./docker_reconf.sh
Error: No such object: mwc
MWC reconf has been successful
[Expert@R81_MDS:0]# ./mwc.sh start
Docker daemon is currently running, PID 17861...
loading docker image: /opt/CPsuite-R81/fw1/webconsole/mwc.tgz
Loaded image: mwc:latest
Error response from daemon: No such container: mwc
starting container
a673b1fd94462a3302a1fd6d27360a48a86dffb58ce8e42f458cac4cff2f9401
Enable GUI clients
MWC reconf has been successful
MWC services started successfully. Login to https://192.168.135.81/smartconsole
[Expert@R81_MDS:0]#

After that, Web SmartConsole is accessible.

Would be great to fix it ...

Anat_Eytan-Davi
Employee Alumnus
Employee Alumnus

Hi,

Are you trying to activate the Web SmartConsole on MDS? the 1st release (included in R81 JHF) is supported only for Security Management Server. As part of the next release we will support login to MDS as well and the different CMAs.

can you please elaborate what is the machine you have tried the above?

 

Thanks,

Anat.

JozkoMrkvicka
Authority
Authority

Hi anat,

You are right, I tried MDS setup.

As you mentioned, CMAs are not yet supported within Web SmartConsole.

Looking forward for more supported scenarios 😉 

HristoGrigorov

I tried it and I must say I am impressed how fast it is. Probably because it does not yet have the full functionality or because of the technology used. Either way I really hope it stays like this. Awesome work so far!

Maarten_Sjouw
Champion
Champion

When this MDS/CMA support is built in we would like to setup a Netscaler system to allow acces to the Web SmartConsole, there is the question of authentication, we would like our customers to authenticate only once on the Netscaler which can use SAML to authenticate to the Web Smartconsole. is there any chance this will work?

Anat_Eytan-Davi
Employee Alumnus
Employee Alumnus

The next planned release will allow to login into MDS or a specific domain. it will not support the full MDS functionality and it will focus on managing the access policy and the autonomous threat prevention policy from a domain/ SmartCenter.

The supported authentication method at this phase is Check Point user and password, as we will proceed with the releases we will add more functionality and support additional authentication methods.

Norbert_Bohusch
Advisor

@Anat_Eytan-Davi whats the current status regarding Web SmartConsole support of MDS (e.g. in R81.10 JHF 9).

 

Would also be great to list MDS-specific limitations in the Web SmartConsole sk170314.

Tal_Paz-Fridman
Employee
Employee

Adding @Dima_M to answer

Dima_M
Employee
Employee

@Norbert_Bohusch 

 

We already have partial support for Multi Domain Management, users can login to a domain.

On MDS level, all domains can be viewed and opened in a new browser tab (SSO). Global/System operations are not yet supported.

Norbert_Bohusch
Advisor

From which version is this support working?

At a R81.10 JHF 9 MDS we can login to a domain (by using domain ip in browser) but MDS level is not working. It gives authentication failed error. But maybe Radius authentication is the problem?

nmelay
Collaborator

Works here, as long as I'm not using the domain's FQDN in URL (so either short hostname or IP address).

No JHF, still on GA.

Norbert_Bohusch
Advisor

Thanks, that did the trick.

So using the FQDN was the problem on my side. 

And as I tried FQDN for MDS but IP for DMS, MDS didn't work, but DMS did.

Btw. short hostname was also not working for me.

 

Additionally I have to accept the certificate for a DMS before SSO from MDS to the DMS works, because else the SSO expires....

 

Has someone got a hint how to set replace the certificates for all DMS? I mean I know the main one (MDS/Global) is the one Gaia uses as well, but have never needed to set one for the DMS....

edit: my bad, the certificate presented is the same on all DMS, so we might need to include all IPs in SAN....

 

Roadrunner88
Contributor

We have installed R81 Jumbohotfix Take 44

We can connect to the Web Application.

We can configure the Policies

 

But we CANT configure the Gateways, nothing happens when we want to open a device

 

How can we get this working?


the_rock
Legend
Legend

To give my own feedback...I tried this on R81 (latest jumbo) and same with R81.10 and I can't get most things to work. I can't update policies, modify objects, none of that. Im not sure why it fails, but there is literally not much troubleshooting you can do inside the web console itself.

Scottc98
Advisor

I was referencing the web smartconsole "what's new" link referenced at the top of this thread (https://supportcenter.us.checkpoint.com/supportcenter/portal?eventSubmit_doGoviewsolutiondetails=&so...)

 

It looks to me that "Take 50" release for we smartconsole is not been released within any R81 or R81.10 JHFs today.   

It does look like Take 48 of web smartconsole was released in these version:

R81 Jumbo HotFix - Ongoing Take 51 (29 December 2021)   - note:  going off reference "PRJ-29804".   it doesn't call out the Take # like the previous release notes or as it shown in the R81.10 one....but seems to line up with fixes in Take 48

R81.10 Jumbo HotFix - Ongoing Take 14 (22 November 2021)      - PRJ-29805

I noticed that R81.10 JHF doesn't look like the web smartconsole is listed under the "List of upcoming resolved issues" and R81 JHF doesn't have that section at all.


Is there any coming JHF release for either of these where we will expect Take 50 (or higher if another one is planned) to be available for use?

Thanks in advance

 

 

 

Ofir_Calif
Employee
Employee

Hi @Roadrunner88 
We don’t support Gateway configuration editor in Web SmartConsole at the current version.
Adding support for several gateway configurations is in our RoadMap

Hi @the_rock 
It seems that you don’t have the correct version of Web SmartConsole.
Please open a support ticket, we would like to support you, but we need more information.

Hi @Scottc98 ,
You are correct, Take 50 is not in the currently released jumbo, but will be part of the next jumbo release (R81 & R81.10).
We updated our SK, removed take 50 for the moment and will add the new take once the jumbo is released.

the_rock
Legend
Legend

Thanks @Ofir_Calif , but I would not take TAC resources just for this, as its really not that important, specially given the fact that I much more prefer regular old school smart console anyway : - ). I was simply giving my observations about it.

Ofir_Calif
Employee
Employee

Hi @the_rock,
I would like to know what is missing for you in Web SmartConsole in your common tasks.
We are continuously improving the product and your feedback is important.
I believe you have the very first version that is read-only, we did a lot of improvements since then.

Gav
Explorer

Hi,

I have just performed an upgrade of my SMS (VM open server) from R80.20 to latest R81.10 and patched to Take 30.

Using Microsoft's Edge browser, opening Web Smartconsole gives just a blank, white page. A search didn't yield any useful results so just wondering if any folks here have seen a similar experience?

Many thanks.

Gav

Roadrunner88
Contributor

@Ofir_Calif 

Can you give me more detail about the Roadmap of Web SmartConsole?

 

My requested function would be a big benefit for our daily work.

 

Thanks

Ofir_Calif
Employee
Employee

@Roadrunner88 
Basic editor for Gateway is planned for 2022 as well as enhancements in the access rulebase.

Labels