This website uses Cookies. Click Accept to agree to our website's cookie use as described in our Privacy Policy. Click Preferences to customize your cookie settings.
Accept
Reject
Preferences
ABOUT CHECKMATES CYBER SECURITY COMMUNITY & FAQ
Create a Post
Help
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

Are you a member of CheckMates?

×
Sign in with your Check Point UserCenter/PartnerMap account to access more great content and get a chance to win some Apple AirPods! If you don't have an account, create one now for free!
Matlu
MVP Silver
MVP Silver
‎2023-11-27 02:54 PM

Management WebUI appliance 1550

Hello, everyone.

I have a GW which is an appliance 1530/1550 in version R80.20.35 which is hooked to a SMS which has version R80.40.

I am trying to access the GW via WebUI, but for some reason, it does not allow me.

I want to know, if they probably changed the management port to this GW, to access by WebUI.

Is there any way to identify it through the CLI?

The only way I currently have to access the GW is by CLI, but to access the CLI, I can only do it by "jumping" from the SMS, because if I try to do it directly by SSH, it simply can't be done.

Thanks for your comments.

0 Kudos
10 Replies
the_rock
MVP Diamond
MVP Diamond
‎2023-11-27 02:55 PM

Ola bro,

I bvelieve default web UI port for those appliances is 4434, if Im not mistaken, so as long as that port is allowed via policy, no reason why it would fail.

Andy

Best,
Andy
"Have a great day and if its not, change it"
0 Kudos
Matlu
MVP Silver
MVP Silver
‎2023-11-27 03:09 PM
In response to the_rock

Buddy,

Is there a way to validate the port needed for the WebUI management of these appliances?

Greetings.

0 Kudos
the_rock
MVP Diamond
MVP Diamond
‎2023-11-27 03:10 PM
In response to Matlu

Not sure if below works in clish on SMB, but you can try:

show web ssl-port

Andy

Best,
Andy
"Have a great day and if its not, change it"
0 Kudos
Matlu
MVP Silver
MVP Silver
‎2023-11-27 03:17 PM
In response to the_rock

Bad luck for me 😄

The command does not work.

The commands on these models, vary quite a bit on most of them 😕

GW> show web ssl-port
^
Bad parameter starting at 'web ssl-port'.

0 Kudos
the_rock
MVP Diamond
MVP Diamond
‎2023-11-27 03:45 PM
In response to Matlu

Found it

show admin-access

Andy

Best,
Andy
"Have a great day and if its not, change it"
0 Kudos
Matlu
MVP Silver
MVP Silver
‎2023-11-27 04:44 PM
In response to the_rock

I found that the management port for WebUI is 4434, but when I try to access through a "Browser", I can't access.

In the logs, I do not see any "log" that tells me what could be happening.

I have tried TCPDUMP, and FW Monitor, but I don't get any result.

My source IP is an IP assigned to me by my remote VPN connection (1.1.1.1.203).

I have another appliance to which I have access through WebUI, and when I see the logs of this appliance, I see that it matches with an IMPLIED RULE 0 and that is why the traffic is allowed to manage it through HTTPS.

Is an explicit rule needed for this type of access?

0 Kudos
the_rock
MVP Diamond
MVP Diamond
‎2023-11-27 04:49 PM
In response to Matlu

Make sure traffic is allowed on that port. Just do zdebug and grep for port 4434

fw ctl zdebug + drop | grep "4434"

Andy

Best,
Andy
"Have a great day and if its not, change it"
0 Kudos
Matlu
MVP Silver
MVP Silver
‎2023-11-27 05:00 PM
In response to the_rock

Is it normal to allow traffic from a certain connection, for an IMPLIED RULE 0?

How to interpret an IMPLIED RULE? It is something like this:
Source: All
Destinations: All
Action: Allow

Is this how IMPLIED works?

I have a flow in which my remote VPN connection is not done by the CP, but by another solution, such as F5.

To certain GW SMB that I have, if the access is allowed by WebUI, but to other appliances, NOT.

Could this be something that also needs to be checked at the VPN solution level by the F5?

0 Kudos
the_rock
MVP Diamond
MVP Diamond
‎2023-11-27 05:05 PM
In response to Matlu

Its set of predefined rules that sort of govern, for the lack of the better term, the internal CP communication.

https://sc1.checkpoint.com/documents/R81/WebAdminGuides/EN/CP_R81_SecurityManagement_AdminGuide/Topi...

By the way, if you do quick remote with TAC for this issue, Im sure they will be able to figure out why its failing.

Andy

Best,
Andy
"Have a great day and if its not, change it"
Chris_Atkinson
MVP Platinum CHKP MVP Platinum CHKP
MVP Platinum CHKP
‎2023-11-28 06:51 AM

Please consider upgrading the software version of both systems when able as each is approaching their sunset within the coming months.

CCSM R77/R80/ELITE
0 Kudos

Leaderboard

Epsum factorial non deposit quid pro quo hic escorol.

View All ≫
Upcoming Events

    Sort by:
    CheckMates Events