This website uses Cookies. Click Accept to agree to our website's cookie use as described in our Privacy Policy. Click Preferences to customize your cookie settings.
Accept
Reject
Preferences
ABOUT CHECKMATES CYBER SECURITY COMMUNITY & FAQ
Create a Post
Help
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

Are you a member of CheckMates?

×
Sign in with your Check Point UserCenter/PartnerMap account to access more great content and get a chance to win some Apple AirPods! If you don't have an account, create one now for free!
genisis__
MVP Silver
MVP Silver
‎2026-01-28 03:27 AM

Access CLI through WebUI not working with default port 5555

Recently installed a pair of Spark appliances running R82.00.10.  I attempted to access the CLI using the option in the WEBUI which was via Firefox (See below, the issue is not seen using Edge):
SMB1.png

When clicking on CLI button, the below was presented with an untrusted certificate, now in the new dialog box there was no option to actually accept the untrusted certificate (this was out of the box certificate b.t.w).
SMB2.png

 

The client itself initiates a connection on port TCP/5555 (believe this is a SSL based connection) back to the appliance
This issue appears to be more a firefox problem rather then a Checkpoint one (but I would debate the potentially port 5555 should not be used, and full GAIA appliances don't experience the same issue).

How was this resolved:
With the above screenshot open, add a certificate ie.  <IP>:5555
SMB3.png

 


Once this is done, your CLI connection should work.
I would like to request Checkpoint investigate this further with the firefox browser, and potentially change this so it works using port 22 perhaps?


TAC are aware of this.

0 Kudos
11 Replies
the_rock
MVP Diamond
MVP Diamond
‎2026-02-01 12:48 PM

Is it same issue regardless of what browser you use?

Best,
Andy
"Have a great day and if its not, change it"
0 Kudos
genisis__
MVP Silver
MVP Silver
‎2026-02-01 02:04 PM
In response to the_rock

No - I tested with Firefox and Edge, and the issue only appeared in Firefox.
I have another issue related to device certs, which may be the same type of resolution, TAC are investigating that through a separate case, but have verified I've done everything correctly.

0 Kudos
the_rock
MVP Diamond
MVP Diamond
‎2026-02-01 02:07 PM
In response to genisis__

Try set below to false, restart browser, try again.

Screenshot_1.png

Best,
Andy
"Have a great day and if its not, change it"
0 Kudos
genisis__
MVP Silver
MVP Silver
‎2026-02-02 01:15 AM
In response to the_rock

But why would that make a difference when the issue is firefox actually requiring an open connection into the GW so it can retrieve the cert?

I can certainly give it a try, but would I want to leave it like that, I'm not sure.

0 Kudos
the_rock
MVP Diamond
MVP Diamond
‎2026-02-02 02:07 AM
In response to genisis__

Just to see if quic protocol could be causing it.

Best,
Andy
"Have a great day and if its not, change it"
0 Kudos
Tom_Hinoue
Advisor
Advisor
‎2026-02-01 04:16 PM

For the WEB CLI, port 5555 could be changed to a different port from advanced settings on a supported version.
Just for testing, maybe changing the port will resolve the error on Firefox?

See here:
Connections to Port 5555 Fail on Quantum Spark Devices
https://support.checkpoint.com/results/sk/sk183637

I'm not sure if changing the port to 22 will work with the current design though.

(1)
the_rock
MVP Diamond
MVP Diamond
‎2026-02-01 04:20 PM
In response to Tom_Hinoue

Good call, Tom. Appears even with higher version, those commands mignt be needed.

Best,
Andy
"Have a great day and if its not, change it"
genisis__
MVP Silver
MVP Silver
‎2026-02-02 01:13 AM
In response to Tom_Hinoue

We did try this, changed the port to 6666 as an example but still this did not work.  I did ash about changing the port to 22, but we did not try this, way...It looks like the connection is SSL based not SSH based.

0 Kudos
PhoneBoy
Admin
Admin
‎2026-02-02 07:56 AM

Considering the entire purpose of this feature is to not have to use a native SSH client, the communication must occur over HTTPS.
Due to the embedded nature of the OS on Spark devices (not to be confused with SPARC devices), the web server implementation is different than regular appliances.
As such, that communication needs to occur over a different port, which can be changed.

I find it odd that Firefox doesn't give an option to "Accept and Continue" (as it did when I connected to the appliance) and I have to go through the process of fully trusting the self-signed certificate.

0 Kudos
genisis__
MVP Silver
MVP Silver
‎2026-02-02 08:02 AM
In response to PhoneBoy

Totally agree, TAC even replicated it, but said it was a firefox issue, which on the face of it, it does look like it, however I think Checkpoint should be looking to resolve this, because firefox is widely used.

For me - by posting the issue and resolution I came to here, will help others facing this strange issue.

0 Kudos
the_rock
MVP Diamond
MVP Diamond
‎2026-02-02 08:06 AM
In response to genisis__

Totally valid point, Firefox should work.

Best,
Andy
"Have a great day and if its not, change it"
0 Kudos

Leaderboard

Epsum factorial non deposit quid pro quo hic escorol.

View All ≫
Upcoming Events

    Sort by:
    In-Person

    Thu 30 Apr 2026 @ 03:00 PM (PDT)

    Hillsboro, OR: Securing The AI Transformation and Exposure Management
    In-Person

    Thu 07 May 2026 @ 01:30 PM (AEST)

    CheckMates Live Sydney
    In-Person

    Tue 02 Jun 2026 @ 09:00 AM (CEST)

    CheckMates Live Denmark - Aarhus
    In-Person

    Wed 03 Jun 2026 @ 09:00 AM (CEST)

    CheckMates Live Denmark - Copenhagen
    CheckMates Events