Re: Quantum Spark SMB Gaia not working after 81.10...

velo · ‎2024-08-14

I have a number of SMB1500 appliances, all running on 81.10.10.

I have have upgraded to 81.10.10 build 996002993. I have only done this one one firewall to test the image.

After the upgrade, gaia web interface doesn't work anymore (SSH works)

I'm seeing the following in /var/log/messages

2024 Aug 14 10:49:43 EDIWSE daemon.info thttpd: [my source IP] connection timed out reading

I have a ticket open with Checkpoint , no joy yet.

Thanks

PhoneBoy · ‎2024-08-14

What happens on the client when you connect to https://device-ip:4434?
I didn’t experience this issue when upgrading to this version.

velo · ‎2024-08-14

You get:

Hmmm… can't reach this pageThe connection was reset.
Try:

ERR_CONNECTION_RESET

Chris_Atkinson · ‎2024-08-14

Does the issue persists regardless of browser choice or source address?

I also didn't see this issue post upgrade to this build.

CCSM R77/R80/ELITE

velo · ‎2024-08-14

Yes same behaviour, even when in incognito mode.

To add a bit more detail.

I upgraded the firewall and it came up fine, also the VPN back to main location.
I noticed management wasn't working via public IP, but it was working via LAN IP over VPN.
I rebooted the Gateway again, then it stopped working completely.

I can access the firewall via SSH on public and LAN IP.

the_rock · ‎2024-08-14

I dont work much with SMB, but from clish, can you run show web ssl-port?

See what port it shows. Locally or centrally managed?

Andy

velo · ‎2024-08-14

That command doesn't work but if you do show admin-access it shows it on port 4434 (correct port)

web-access-port: 4434

Naama_Specktor · ‎2024-08-14

My name is Naama Specktor, and I am checkpoint employee.

I will appreciate it if you share TAC SR# , here or in DM.

thanks in advanced,

Naama Specktor

velo · ‎2024-08-14

Hi Naama

I sent you the ticket number. (I got some error when sending the DM so let me know if you don't get it)

Pauli · ‎2024-08-19

@velo

Since we are also about to update:
Have you solved the problem?

velo · ‎2024-08-19

Nope, same issue and not luck with Checkpoint TAC yet.

velo · ‎2024-08-20

TAC have told me I need to rebuild the whole firewall which is not good.

the_rock · ‎2024-08-20

Thats not great news...just curious, was there any debugging done?

Andy

velo · ‎2024-08-21

Not much at all. For that reason I asked if the case can be escalated. Let's see.

Amir_Ayalon · ‎2024-08-21

please share the SR number and R&D will have a look

velo · ‎2024-08-21

DM Sent.. Thanks.

Part of me thinks maybe policy is corrupted.

Are you a member of CheckMates?