This website uses Cookies. Click Accept to agree to our website's cookie use as described in our Privacy Policy. Click Preferences to customize your cookie settings.
Accept
Reject
Preferences
ABOUT CHECKMATES CYBER SECURITY COMMUNITY & FAQ
Create a Post
Help
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

Are you a member of CheckMates?

×
Sign in with your Check Point UserCenter/PartnerMap account to access more great content and get a chance to win some Apple AirPods! If you don't have an account, create one now for free!
Perry_McGrew
Collaborator
yesterday

9200 1st Time Wizard WebUI - hangs

Wanted to see what experiences others may have had with these 9000 series GWs.  The 9200 came installed on R81.20.   I set up the USB-C console connection using the https://welcome.checkpoint.com.  I went through the 1st time setup and when it got to the "Preparing your device screen", all the lines just had spinning circles and stayed at 0%. (see attached screenshot)   I let it run for hours before finally giving up.  Refreshed the browser and it returned me to the 1st time setup start.   Went through it again (different browser) with the same outcome.  

Since I am "old school" I also tried connection to the Mgmt port to go use the 192.168.1.1 and do the setup that way.  I found the Mgmt Interface had no IP.  

Since I wanted to get the device updated to R82 + current JHF, I created bootable flash drive using ISOMORPHIC and the R82 T777 ISO.  I wanted the base install to be as current as possible to prep for ClusterXL to ElasticXL conversion tool that apparently will be out around R82.10 release.  

After I updated the 9200 to R82.  I tried the Mgmt 192.168.1.1 connection and the standard 1st Time Wizard I am used to seeing came up.   Finished that and 9200 seems to be fine.   I updated the Deployment Agent and then imported / installed JHF 41 which matches my current CP Mgt server and legacy 5800s. I copied / pasted the applicable 5800 show configuration into the 9200 CLI.  It seems ready to go.  I did enter a TAC case over the spinning webui -- I got a reply to use the CLI.  

So not quite sure of the benefit of the newer 1st time setup WebUI process which requires an internet connection on the Laptop connected to new 9200.      

 

Labels
Preview file
307 KB
0 Kudos
11 Replies
PhoneBoy
Admin
Admin
yesterday

Did they open an R&D task on this to investigate?

0 Kudos
the_rock
MVP Gold
MVP Gold
yesterday

Just my logical thinking...is it possible that this is expected behavior, say if your laptop had Internet connectivity, but firewall does NOT? I can only assume that would be needed for this sort of wizard...just my educated guess.

Andy

0 Kudos
emmap
MVP Gold CHKP MVP Gold CHKP
MVP Gold CHKP
yesterday
In response to the_rock

It seems to want to do it all through the serial port, the gateway shouldn't need to have any config put on it beforehand to get internet access. It's new to me though, I've never tried this setup method.

0 Kudos
the_rock
MVP Gold
MVP Gold
yesterday
In response to emmap

Right, but if Internet access was not needed, its odd why it did not work, unless something is fundamentally wrong with the appliance...

Andy

0 Kudos
emmap
MVP Gold CHKP MVP Gold CHKP
MVP Gold CHKP
yesterday
In response to the_rock

It's a new system, it might be the console drivers, the OS or something else on the laptop used to do it, or a backend issue. Needs some figuring out.

(1)
the_rock
MVP Gold
MVP Gold
yesterday
In response to emmap

Yep, agree with all that.

0 Kudos
Vincent_Bacher
Advisor
Advisor
yesterday

Wow.  https://welcome.checkpoint.com .
In our organization, we never have direct access via the console, only via console switches somewhere in a data center, so I didn't even know that this was possible.

I would doubt that the device needs Internet access to use the FTW in this way.
In my youthful naivety, I'll just take the liberty of describing my impressions:

To me, it looks as if the web app simply establishes a connection to the appliance in order to check, for example, whether it is really the device selected in the pop-up (in this case, the 9000 series).
It queries the usual parameters and then “feeds” the cli version of the FTW (config_system) via the USB interface.
If I were to develop such an app, I would collect all parameters, including the expert password, and then create a config.txt file via the USB-cli connection, run config_system -t config.txt, and then present the cli output in a nice, colorful graphic format.
In short: Maybe this is just a case of a device that got stuck when starting the setup process?
On the other hand, my theory above could also be completely wrong. In that case, I take it all back.



and now to something completely different - CCVS, CCAS, CCTE, CCCS, CCSM elite
the_rock
MVP Gold
MVP Gold
12 hours ago
In response to Vincent_Bacher

That all sounds logical to me, Vincent.

0 Kudos
Perry_McGrew
Collaborator
11 hours ago
In response to the_rock

I would agree.   Maybe I interpreted the instructions wrong.  But if launch the "welcome" URL w/o the USB Console you will get the URL, "welcome.checkpoint.com/#/v1/appliances/first-time-wizard", it states: 

You must perform the required configuration steps from a desktop/laptop computer (running Windows OS and Chrome browser) that you connect to the appliance.
 
When the Laptop / 9200 USB-C console connection is active, (needed to first install the platform specific USB_serial_driver_QuantumII from a SK) the CP website connection it will pop up a option to choose the appliance  type and lead you through a 1st time install process.  I tried it 2x and it hung at the same screen I uploaded.  
 
I was not getting any timely feedback from TAC, so I decided to proceed and update the base image to R82 T777 using ISOMORPHIC tool while waiting for TAC response.  I need to get these 9200's deployed next week.  
 
When it was finished with the R82 install, I just connected the laptop to the RJ45 Console port and tried the traditional 192.168.1.1.  The familiar WebUI opened up and I was able to do and complete the usual 1st Time Wizard setup.   I did NOT try that new method that is launched from that URL (or scanning the QR code) that requires Internet connection from the laptop.  
 
I appreciate the feedback from everyone.   I'll update this post if I get a definitive answer from TAC.  Just happy the traditional method worked!
 
-Perry
(1)
the_rock
MVP Gold
MVP Gold
11 hours ago
In response to Perry_McGrew

Definitely, happy as well that worked for you, Perry,

Andy

0 Kudos
Lesley
MVP Gold
MVP Gold
5 hours ago
In response to Perry_McGrew

Maybe it was shipped with a diferent image? Or someone tested some new wizard and forgot to wipe it?

I have seen couple cases that new hardware is already configured, different password or IP.

https://community.checkpoint.com/t5/Security-Gateways/Brand-new-appliance-with-non-default-IP-on-Mgm...

-------
Please press "Accept as Solution" if my post solved it 🙂
0 Kudos

Leaderboard

Epsum factorial non deposit quid pro quo hic escorol.

View All ≫
Upcoming Events

    Sort by:
    CheckMates Events