This website uses Cookies. Click Accept to agree to our website's cookie use as described in our Privacy Policy. Click Preferences to customize your cookie settings.
Accept
Reject
Preferences
ABOUT CHECKMATES CYBER SECURITY COMMUNITY & FAQ
Create a Post
Help
cancel
Turn on suggestions
Showing results for 
Search instead for 
Did you mean: 

Are you a member of CheckMates?

×
Sign in with your Check Point UserCenter/PartnerMap account to access more great content and get a chance to win some Apple AirPods! If you don't have an account, create one now for free!
kb1
Collaborator
‎2020-01-29 01:14 PM

Need help with telnet connection checkpoint 1100 appliance

So i set up a firewall on secondary site where traffic was going to be failed over, had the testing phase yesterday night and everything went well aprt from the telnet connection which was being refused by the firewall, now i did add a rule in the policy to allow telnet connection but it doesnt work(no idea if i did that right),the thing is the same issue happened to another firewall last year(with a very similar setup) and they fixed it by allowing telnet but i dont know how they allowed telnet, i do see some rules on the rulebase allowing telnet and i did the same for this firewall as well but it does not work, is there a way to enable telnet connections on the firewall through the gui or cli because i cant find any solution online!

Gaia version- R77.20.80

SMB Appliance 

0 Kudos
8 Replies
Maarten_Sjouw
Champion
Champion
‎2020-01-29 02:51 PM

When you say telnet to the firewall, are you trying to get a connection to the firewall's Command Line?
If so forget about Telnet and use SSH instead, that is a encrypted version of telnet. A very good free client for SSH is Putty
Regards, Maarten
0 Kudos
kb1
Collaborator
‎2020-01-29 02:57 PM
In response to Maarten_Sjouw

i mean to say they were testing connection to the frewall by trying to telnet to the natted ip (192.86.x.x) and then it shows tcp sxaA flag which means connection is being refused from the firewall, shown in more detail below-

Technical details of the issue:

Telnet response sourcing Agent Vlan –
DAV-CS-VSS#telnet 192.86.81.224 443 /source-interface vlan 507
Trying 192.86.81.224, 443 ...
% Connection timed out; remote host not responding
----------------------------------------------------------------
Current logs that still shows no outside sync-
TCP FRO_DMZ: 192.86.81.224/443 (192.86.81.224/443) CFW_TRANSIT: 10.96.160.1/35841 (216.152.218.2/35841), flags sxaA , idle 2s, uptime 8s, timeout 30s, bytes 0, xlate id 0x7f37b42d5a80

Now how do i fix this sxaA problem? Apparently the clients when connecting to the checkpoint portal through this firewall also receive this same exact error, is this related to telnet or something else? either way i just want to fix this sxaA problem.
0 Kudos
PhoneBoy
Admin
Admin
‎2020-01-29 08:16 PM
In response to kb1

Telnet is typically a TCP connection on port 23.
What your output suggests is you are trying to determine connectivity on TCP port 443, which is the service HTTPS.
A detailed description of exactly what you are trying to configure in terms of IP addresses and ports (source and destination) as well as screenshots of how you attempted to do this would be helpful.
Ryan_Ryan
Advisor
‎2020-01-29 08:44 PM
In response to kb1

I too am confused by what you are trying to achieve.

 

But I would follow basic troubleshooting steps, when you can't establish a connection to a port we need to first confirm the server (in this case your firewall) is running services on that port. So bring up a command line on your firewall and run:

telnet localhost 443

If that says connection refused then you need to enable the service (whatever service you are trying to get working), if this is captive portal, then you need to enable it under gateway properties / identity awareness. Or if its SSL VPN then its under gateway properties / Remote access.

 

0 Kudos
kb1
Collaborator
‎2020-01-30 01:51 PM
In response to Ryan_Ryan

Hello Ryan,

This is what i get,
[Expert@DAL-TelePerf-FW01]# telnet localhost 443
telnet: cannot connect to remote host (127.0.0.1): Connection refused

now how do i enable those services? can you be a bit more elaborate? can you give a step by step instructions on how to do so? i did not understand your instructions on how to enable the services.
0 Kudos
Ryan_Ryan
Advisor
‎2020-01-30 05:59 PM
In response to kb1

Hello,

 

First we need to understand what service your users are trying to access?

 

You tell us they are trying to connect to the firewall on port 443, please tell us why they are trying to do that, then I can help you with what service oyu need ot enable. Checkpoint firewalls can run dozens of services on 443 (web management, SSL VPN, captive portal, certificate manager... etc).

0 Kudos
G_W_Albrecht
Legend Legend
Legend
‎2020-01-30 12:41 AM

Contact TAC by using the chat - this is the quickest way, to resolve it in a short RAS !

CCSP - CCSE / CCTE / CTPS / CCME / CCSM Elite / SMB Specialist
0 Kudos
kb1
Collaborator
‎2020-01-30 10:48 AM
In response to G_W_Albrecht

so i talked to support and they said eveything seems to be fine with the firewall, he checked the logs and its accepting the telnet traffic and other traffic as well, so looks like we will have to look at the live traffic capture on the issue and check whats going on.
0 Kudos

Leaderboard

Epsum factorial non deposit quid pro quo hic escorol.

View All ≫
Upcoming Events

    Sort by:
    CheckMates Events
    Top