Create a Post
cancel
Showing results for 
Search instead for 
Did you mean: 
Highlighted
Iron

The issue with DynamicID

Hi everybody

I am trying to configure Remote Access with DynamicID on R80.10 GW

I have a URL from SMS server Team to perform GET method to SMS server like this:

http://x.x.x.x:8083/VPNOTP/http/sendmsg?api_id=$APIID&user=vpnotp&password=xxx&to=0901441294&text=TestVPN

When i paste that link to a browser, i get an OTP code to my phone number

But when I run curl_cli on GW, the SMS server return to 505 Internal Error

I tried to capture packet, and I saw all field after "api_id=" was missing when run curl_cli

Is it due to a link error or is it because I incorrectly executed the syntax?

Thank you so much

 

0 Kudos
7 Replies
Highlighted
Iron

Both 2 sk do not help me in this case 😄

Thank you

0 Kudos
Employee
Employee

Hey buddy,

Did you solve it?

0 Kudos
Highlighted
Iron

Hi Andres

Yes, I solve this case

I put links in quotes and I can run curl_cli normally

Note: In R80.x Check Point have integrated new I/S for DynamicID.
As part of this change, we have decided to verify the server reply, and as part of it, we are not accepting HTTP 500 replies.
This change was done for security and better code flow decisions. Because of this, with many case upgrade from R77 to R80.x, DynamicID cannot work

Thanks

0 Kudos
Highlighted

I faced a problem with DynamicID at a customer. The SMS provider serves the api on http and https, but https works only with certificate. I had a case with CheckPoint regarding the situation and they said that the problem is in the certificate. I found a configuration file where you explicitly configure not to check the certificate (the same  -k option you enter with curl/curl_cli) but it didn't work. 

Anybody faced the same issue?

0 Kudos
Highlighted
Employee
Employee

Hey Martin.

Did you modify this file? $CVPNDIR/bin/sendsms

 

Regards,

 

0 Kudos
Highlighted

Hey,

I  found this and change it following the document:

1Capture.JPG

Maybe you mean to replace "${args[@]}" directly with -k ?

send_sms() {
$FWDIR/bin/curl_cli "${args[@]}" -D - -o /dev/null -s --disable-crl-check

0 Kudos