Create a Post
cancel
Showing results for 
Search instead for 
Did you mean: 
Matlu
Advisor

Management WebUI appliance 1550

Hello, everyone.

I have a GW which is an appliance 1530/1550 in version R80.20.35 which is hooked to a SMS which has version R80.40.

I am trying to access the GW via WebUI, but for some reason, it does not allow me.

I want to know, if they probably changed the management port to this GW, to access by WebUI.

Is there any way to identify it through the CLI?

The only way I currently have to access the GW is by CLI, but to access the CLI, I can only do it by "jumping" from the SMS, because if I try to do it directly by SSH, it simply can't be done.

Thanks for your comments.

0 Kudos
10 Replies
the_rock
Legend
Legend

Ola bro,

I bvelieve default web UI port for those appliances is 4434, if Im not mistaken, so as long as that port is allowed via policy, no reason why it would fail.

Andy

0 Kudos
Matlu
Advisor

Buddy,

Is there a way to validate the port needed for the WebUI management of these appliances?

Greetings.

0 Kudos
the_rock
Legend
Legend

Not sure if below works in clish on SMB, but you can try:

show web ssl-port

Andy

0 Kudos
Matlu
Advisor

Bad luck for me 😄

The command does not work.

The commands on these models, vary quite a bit on most of them 😕

GW> show web ssl-port
^
Bad parameter starting at 'web ssl-port'.

0 Kudos
the_rock
Legend
Legend

Found it

show admin-access

Andy

0 Kudos
Matlu
Advisor

I found that the management port for WebUI is 4434, but when I try to access through a "Browser", I can't access.

In the logs, I do not see any "log" that tells me what could be happening.

I have tried TCPDUMP, and FW Monitor, but I don't get any result.

My source IP is an IP assigned to me by my remote VPN connection (1.1.1.1.203).

I have another appliance to which I have access through WebUI, and when I see the logs of this appliance, I see that it matches with an IMPLIED RULE 0 and that is why the traffic is allowed to manage it through HTTPS.

Is an explicit rule needed for this type of access?

0 Kudos
the_rock
Legend
Legend

Make sure traffic is allowed on that port. Just do zdebug and grep for port 4434

fw ctl zdebug + drop | grep "4434"

Andy

0 Kudos
Matlu
Advisor

Is it normal to allow traffic from a certain connection, for an IMPLIED RULE 0?

How to interpret an IMPLIED RULE? It is something like this:
Source: All
Destinations: All
Action: Allow

Is this how IMPLIED works?

I have a flow in which my remote VPN connection is not done by the CP, but by another solution, such as F5.

To certain GW SMB that I have, if the access is allowed by WebUI, but to other appliances, NOT.

Could this be something that also needs to be checked at the VPN solution level by the F5?

0 Kudos
the_rock
Legend
Legend

Its set of predefined rules that sort of govern, for the lack of the better term, the internal CP communication.

https://sc1.checkpoint.com/documents/R81/WebAdminGuides/EN/CP_R81_SecurityManagement_AdminGuide/Topi...

By the way, if you do quick remote with TAC for this issue, Im sure they will be able to figure out why its failing.

Andy

Chris_Atkinson
Employee Employee
Employee

Please consider upgrading the software version of both systems when able as each is approaching their sunset within the coming months.

CCSM R77/R80/ELITE
0 Kudos

Leaderboard

Epsum factorial non deposit quid pro quo hic escorol.

Upcoming Events

    CheckMates Events