Create a Post
cancel
Showing results for 
Search instead for 
Did you mean: 

New! Web SmartConsole :)

Anat_Eytan-Davi
6 20 3,901

With the 1st release of the Web SmartConsole you will be able to give your read-only users a web interface for the Security Management Server. View and search the list of gateways and servers, Objects, Security Policies, and logs, generate SmartEvent views and reports.

The detailed list of supported features and expected behavior is documented and will be updated in Web SmartConsole What's New

The Web SmartConsole will support more and more functionality as we go along.

New content will be released gradually and updated automatically on your Security Management Server (assuming you are connected to the internet and you have approved to get updates from Check Point). It will be also included in every R81 Jumbo Hotfix.

Next release will include read-write functionality, supporting the most common objects and actions.

Want to impact the development?

Tell us what you think!

What are the most common objects, views and actions you would like to see developed as soon as possible in the Web SmartConsole. We will do our best to prioritize your requests.

Start using the web SmartConsole

Or

  • Follow the below steps
    • Download mwc.tgz file from this post.
    • On a R81 Management Server navigate to: /opt/CPSuite-R81/fw1/webconsole
    • Upload the downloaded tgz file (mwc.tgz)
    • Run the command: /opt/CPsuite-R81/fw1/webconsole/mwc.sh restart

Following the above you can open the web browser and navigate to https://<managment-IP>/smartconsole

Waiting for your feedback: @esmatn , @Amiad_Stern , @Anat_Eytan-Davi 

20 Comments
AneesahConrad
Explorer

Service Unavailable

The server is temporarily unable to service your request due to maintenance downtime or capacity problems. Please try again later.

Is there a workaround to get the WebSmartconsole running on Gaia 3200 16GB RAM?
R81 T17 is the active operating system.

PhoneBoy
Admin
Admin

It's possible that we don't include this on a standalone gateway, at least not yet.

Maarten_Sjouw
Champion
Champion

@Anat_Eytan-Davi is it possible to change the access port for the WebSmartConsole?

Jeffrey_Fogel

@AneesahConrad Was the appliance upgraded or was it a clean install?  I was told, and confirmed in my lab, that it must be a clean install at this point for web smart console to work correctly. 

Anat_Eytan-Davi

The Web SmartConsole is included in the 1st R81 JHF, and also as a package you can download from the above link provided in this post.

the_rock
Authority
Authority

Im not sure if this is the right thread to ask this question...I keep getting conflicting reports as far as which smart console we should be using. Customer has cloud smart-1 management and some engineers say use web version, some say use standalone console. The problem is, if you download smart console from portal.checkpoint website, that does NOT work for smart endpoint, so you need portable smart console, which is literally 3 GB of space, so little annoying. If you keep using web smart console, it works mostly okay with google chrome, but not that well with other browsers...

 

Thought?

 

Tx

 

Andy

Anat_Eytan-Davi

Hi Andy,

I understand the confusion and I will try to provide a good explanation:

Smart-1 Cloud customers have two options for SmartConsole:

1. They can use the Web SmartConsole from Smart-1 Cloud portal (this is not the Web SmartConsole we are referring to in this thread), the Web SmartConsole from Smart-1 Cloud customers provides full functionality but isn't a native web development and is available only to Smart-1 Cloud customers

2, use the Windows SmartConsole, and we recommend to download the version from the portal as we adjusted some of the functionality, indeed, recently we have identified the conflict with the Smart EndPoint and we are working to resolve it - sorry for the inconvenient.

 

The New Web SmartConsole is for customers with local/on-prem management, it is a new development and the version we have released as part of R81 1st JHF is Read-Only, while gradually we will add more functionality, and the next planned release in few weeks will introduce read-write for common use-cases.

 

Anat.

the_rock
Authority
Authority

Thanks Anat,

 

For now, we keep using web console, the one available when you log into the portal and then open smart-1 instance. We find that using standalone version for cloud instance is causing problems.

 

Andy

JozkoMrkvicka
Leader
Leader

Even with total clean installation of R81 with latest Jumbo Take 17, the Web SmartConsole is not working.

Accessing https://<Management Server IP>/smartconsole will get following:

Service Unavailable

The server is temporarily unable to service your request due to maintenance downtime or capacity problems. Please try again later.

Issue solved by following:

[Expert@R81_MDS:0]# cd /opt/CPSuite-R81/fw1/webconsole/
[Expert@R81_MDS:0]# ./docker_reconf.sh
Error: No such object: mwc
MWC reconf has been successful
[Expert@R81_MDS:0]# ./mwc.sh start
Docker daemon is currently running, PID 17861...
loading docker image: /opt/CPsuite-R81/fw1/webconsole/mwc.tgz
Loaded image: mwc:latest
Error response from daemon: No such container: mwc
starting container
a673b1fd94462a3302a1fd6d27360a48a86dffb58ce8e42f458cac4cff2f9401
Enable GUI clients
MWC reconf has been successful
MWC services started successfully. Login to https://192.168.135.81/smartconsole
[Expert@R81_MDS:0]#

After that, Web SmartConsole is accessible.

Would be great to fix it ...

Anat_Eytan-Davi

Hi,

Are you trying to activate the Web SmartConsole on MDS? the 1st release (included in R81 JHF) is supported only for Security Management Server. As part of the next release we will support login to MDS as well and the different CMAs.

can you please elaborate what is the machine you have tried the above?

 

Thanks,

Anat.

JozkoMrkvicka
Leader
Leader

Hi anat,

You are right, I tried MDS setup.

As you mentioned, CMAs are not yet supported within Web SmartConsole.

Looking forward for more supported scenarios 😉 

HristoGrigorov

I tried it and I must say I am impressed how fast it is. Probably because it does not yet have the full functionality or because of the technology used. Either way I really hope it stays like this. Awesome work so far!

Maarten_Sjouw
Champion
Champion

When this MDS/CMA support is built in we would like to setup a Netscaler system to allow acces to the Web SmartConsole, there is the question of authentication, we would like our customers to authenticate only once on the Netscaler which can use SAML to authenticate to the Web Smartconsole. is there any chance this will work?

Anat_Eytan-Davi

The next planned release will allow to login into MDS or a specific domain. it will not support the full MDS functionality and it will focus on managing the access policy and the autonomous threat prevention policy from a domain/ SmartCenter.

The supported authentication method at this phase is Check Point user and password, as we will proceed with the releases we will add more functionality and support additional authentication methods.

Norbert_Bohusch
Advisor

@Anat_Eytan-Davi whats the current status regarding Web SmartConsole support of MDS (e.g. in R81.10 JHF 9).

 

Would also be great to list MDS-specific limitations in the Web SmartConsole sk170314.

Tal_Paz-Fridman
Employee
Employee

Adding @Dima_M to answer

Dima_M
Employee
Employee

@Norbert_Bohusch 

 

We already have partial support for Multi Domain Management, users can login to a domain.

On MDS level, all domains can be viewed and opened in a new browser tab (SSO). Global/System operations are not yet supported.

Norbert_Bohusch
Advisor

From which version is this support working?

At a R81.10 JHF 9 MDS we can login to a domain (by using domain ip in browser) but MDS level is not working. It gives authentication failed error. But maybe Radius authentication is the problem?

nmelay
Participant

Works here, as long as I'm not using the domain's FQDN in URL (so either short hostname or IP address).

No JHF, still on GA.

Norbert_Bohusch
Advisor

Thanks, that did the trick.

So using the FQDN was the problem on my side. 

And as I tried FQDN for MDS but IP for DMS, MDS didn't work, but DMS did.

Btw. short hostname was also not working for me.

 

Additionally I have to accept the certificate for a DMS before SSO from MDS to the DMS works, because else the SSO expires....

 

Has someone got a hint how to set replace the certificates for all DMS? I mean I know the main one (MDS/Global) is the one Gaia uses as well, but have never needed to set one for the DMS....

edit: my bad, the certificate presented is the same on all DMS, so we might need to include all IPs in SAN....

 

Labels