This website uses Cookies. Click Accept to agree to our website's cookie use as described in our Privacy Policy. Click Preferences to customize your cookie settings.
Accept
Reject
Preferences
ABOUT CHECKMATES CYBER SECURITY COMMUNITY & FAQ
Create a Post
Help
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

Are you a member of CheckMates?

×
Sign in with your Check Point UserCenter/PartnerMap account to access more great content and get a chance to win some Apple AirPods! If you don't have an account, create one now for free!
FelipeTropeia
Participant
‎2020-04-06 08:02 AM

1490 SMB appliance VPN blade using central mgmt

Hi All,

I'm trying to create a VPN Client (Capsule VPN for ios and android) on one of our 1490 SMB appliances running at R77.20.87 build 004 but the VPN blade is not active.
I have seen on mgmt server is activated and configurable but on the gateway I haven´t seen anything related to VPN.

There are some output logs below:

[Expert@Test]# vpn_configload -d
[ 32516 1737437184]@Test[3 Apr 11:06:01] cp_do_get_ipaddrs: The size needed is [160]
[ 32516 1737437184]@Test[3 Apr 11:06:01] get_CK_for_MAC_based_license_imp: features_str=[CPAP-AP1490 ENF-APP CPSB-FW CPSB-VPN CPSB-SSLVPN-200 CPSB-IA CPSB-ADNC CPSB-ADNC-M CPSB-IPS-S1 CPSB-URLF CPSB-APCL-S1 CPSB-AV CPSB-ABOT-S CPSB-ASPM]
[ 32516 1737437184]@Test[3 Apr 11:06:01] get_CK_for_MAC_based_license_imp: has valid MAC address syntax
[ 32516 1737437184]@Test[3 Apr 11:06:01] licdb_add_license: License was recognized as MAC based license
[ 32516 1737437184]@Test[3 Apr 11:06:01] fwa_set_sfw_installing_local_policy: Setting fwa_db_installing_local_policy to 1.
[ 32516 1737437184]@Test[3 Apr 11:06:01] fwa_set_sfw_convert_local_cfg to TRUE
[ 32516 1737437184]@Test[3 Apr 11:06:01] fwa_set_sfw_convert_local_cfg: Setting fwa_db_convert_local_cfg to 1.
Error: Not in local management mode
Unable to configure appliance:
Internal error.
[Expert@Test]#

 

[Expert@Test]# grep 1 /opt/fw1/conf/active_blades.txt |  awk '{print $1,$3}'

FW

IPS

AV 2

URLF

IA

APCL

AB

[Expert@Test]#

 

Anyone with the same problem or any suggestions?

0 Kudos
7 Replies
G_W_Albrecht
MVP Silver
MVP Silver
‎2020-04-06 09:42 AM

I would look into Embedded GAiA WebGUI Dashboard to enable VPN...

CCSP - CCSE / CCTE / CTPS / CCME / CCSM Elite / SMB Specialist
0 Kudos
FelipeTropeia
Participant
‎2020-04-07 01:22 AM
In response to G_W_Albrecht

Hi @G_W_Albrecht 

There is no way to switch from off to on using the webui. I believe somethings is going on when we use SMB appliance in central mgmt. For testing purposes, I have another SMB appliance locally and its possible to see VPN blade enabled. 

0 Kudos
G_W_Albrecht
MVP Silver
MVP Silver
‎2020-04-07 06:39 AM
In response to FelipeTropeia

But it shows the VPN blade, disabled ? I would try to install last current firmware using USB and the issue should be resolved...

CCSP - CCSE / CCTE / CTPS / CCME / CCSM Elite / SMB Specialist
0 Kudos
FelipeTropeia
Participant
‎2020-04-07 07:04 AM
In response to G_W_Albrecht

Unfortunately we don´t have remote hands due to covid-19 in our datacentre. In embedded gaia -> Security dashboard-> Remote Access and Site to Site VPN blades are off and there is no way to turn it on.
0 Kudos
PhoneBoy
Admin
Admin
‎2020-04-07 11:27 AM

In a centrally-managed SMB configuration, all relevant configuration for VPN is done on central management.
Nothing is configured on the WebUI of the SMB device.
When you push the relevant configuration from Central management, the blades will show as active.
0 Kudos
FelipeTropeia
Participant
‎2020-04-07 11:55 AM
In response to PhoneBoy

Hi @PhoneBoy 

I configured everything on the management server that presents the gateway object as a VPN ticked and all options to be configured, but on the gateway it does not activate the VPN blade.

0 Kudos
HristoGrigorov
MVP Gold
MVP Gold
‎2020-04-07 12:32 PM
In response to FelipeTropeia

Check /var/log/log/sfwd.elg. It is possible that policy was not installed at all.

0 Kudos

Leaderboard

Epsum factorial non deposit quid pro quo hic escorol.

View All ≫
Upcoming Events

    CheckMates Events