Create a Post
cancel
Showing results for 
Search instead for 
Did you mean: 
Bill_Ng
Collaborator
Jump to solution

Checkpoint 12200 LOM

Hi all,

I have a LOM on a 12200.  I am having a heak of a time getting the Launch Java KVM client and the Launch Java VM client working.  I believe the issue is with certificates and TLS handshakes.  Jave control panel log says 'Connection failed with exception: Received fatal alert: handshake_failure'.   I've tried numerous attempts to generate a CSR from the LOM control panel and process the CSR with our PKI to get certificate.  When I upload the certificate to the LOM it has an error validating the certificate.  Do I need cer or pfx/p12 format to upload and is there a way to upload the certificate a different way outside of LOM control panel portal?  I looked at the LOM documentation and it isn't very helpful at all.  Any suggestions are welcomed.

Thanks,

Bill

1 Solution

Accepted Solutions
emmap
Employee
Employee

See if you can load these links - there's three versions, you need to upgrade to each one in sequence.

0.93: https://support.checkpoint.com/results/download/51965

3.99: https://support.checkpoint.com/results/download/103817

4.2b https://support.checkpoint.com/results/download/103818 

View solution in original post

0 Kudos
16 Replies
AlekseiShelepov
Advisor

What version of LOM firmware you have there? The latest is 2.2 (Nov 2016).

LOM firmware versions for Check Point 4000, 12000 and TE appliances 

Maybe this information would help:

Minimum requirements:

  • Java 7 to use KVM & VirtualMedia
  • Java 7 requires enabling TLS 1.2 and disabling TLS 1.0/1.1 in order to use KVM & VirtualMedia (refer to Java control panel guide)
  • Google Chrome, Mozilla Firefox or Internet explorer 9 and above

Known Limitations:

  • KVM console does not work with Java 8
0 Kudos
Bill_Ng
Collaborator

I am running LOM firmware 2.2.  Using Java 1.7.0_80, enabled TLS 1.2 and disabled 1.0/1.1.  I have tried via Chrome and IE.  Java is still throwing up the following.

MK9
Contributor


12600, 4800, Firmware Version 2.1.30099

These settings worked for me:

Java_Settings_LOM.png

in addition, JNLP file have been modified by sk112493

 

0 Kudos
JozkoMrkvicka
Authority
Authority

I remember from the past, that we had to modify .jnlp file manually to replace some parameters (I guess to add password). Since the sk112493 was deleted, does anybody know the procedure to access console of KVM on very old LOM firmware?

I am getting "Invalid Session token. Authentication failure" once the KVM console is started from JAVA.

Kind regards,
Jozko Mrkvicka
0 Kudos
Lesley
Leader Leader
Leader

This file you can edit with Notepad:

2.The "jviewer.jnlp" file will be downloaded automatically.

3.Edit the "jviewer.jnlp" file with Notepad++/UltraEdit:

-------
If you like this post please give a thumbs up(kudo)! 🙂
0 Kudos
JozkoMrkvicka
Authority
Authority

thats clear, but what exactly is supposed to be modified in the jnlp file ? Which lines, which content?

Kind regards,
Jozko Mrkvicka
0 Kudos
emmap
Employee
Employee
  1. Edit the JNLP file and modify the arguments "user=" and "password=" to valid credentials

    By default the username and password are various numbers - change them to valid credentials like "user=admin" and "password=<valid password>"
  2. Double-click on the modified JNLP file.

 
0 Kudos
JozkoMrkvicka
Authority
Authority

This is original content of JNLP file (dont see anything related to username nor password):

<?xml version="1.0" encoding="UTF-8"?>

<jnlp spec="1.0+" codebase="https://10.10.10.10/Applications/ASTER/Java">
<information>
<title>JViewer</title>
<vendor>American Megatrends, Inc.</vendor>
<description kind="one-line">JViewer Console Redirection Application</description>
<description kind="tooltip">JViewer Console Redirection Application</description>
<description kind="short">
JViewer enables a user to view the video display of managed server via KVM.
It also enables the user to redirect his local keyboard, mouse for managing the server remotely.
</description>
</information>
<security>
<all-permissions/>
</security>
<resources>
<j2se version="1.6+"/>
<jar href="release/JViewer.jar"/>
</resources>
<resources os="Windows" arch="x86">
<j2se version="1.6+"/>
<nativelib href="release/Win32.jar"/>
</resources>
<resources os="Linux" arch="x86">
<j2se version="1.6+"/>
<nativelib href="release/Linux_x86.jar"/>
</resources>
<resources os="Linux" arch="i386">
<j2se version="1.6+"/>
<nativelib href="release/Linux_x86.jar"/>
</resources>
<application-desc>
<argument>10.10.10.10</argument>
<argument>7578</argument>
<argument>99VMEaSIAdS9oghr</argument>
</application-desc>
</jnlp>

Kind regards,
Jozko Mrkvicka
0 Kudos
emmap
Employee
Employee

That's what the SK has in it. You might have a newer firmware and a different issue?

0 Kudos
JozkoMrkvicka
Authority
Authority

I am trying to reach Console over KVM within 21400 appliance with LOM firmware 0.84 (dated April 2015). LOM firmware has descrition of "0.84_LOM_CRT_RADIUS". Since the page where it was possible to download LOM for 21400 is deleted, I am stuck with this version 😕 

In order to even reach the LOM interface, I had to download very old portable web browser which supports old SSL protocol or cipher suite. In addition, TLS1.0 and TLS 1.1 had to be enabled in JAVA.

Once the JAVA is starting, I am getting "Invalid Session token. Authentication failure".

Kind regards,
Jozko Mrkvicka
0 Kudos
emmap
Employee
Employee

See if you can load these links - there's three versions, you need to upgrade to each one in sequence.

0.93: https://support.checkpoint.com/results/download/51965

3.99: https://support.checkpoint.com/results/download/103817

4.2b https://support.checkpoint.com/results/download/103818 

0 Kudos
JozkoMrkvicka
Authority
Authority

download link for 0.93 version seems to be broken 😕 Remaining 2 are fine and I downloaded them.

Kind regards,
Jozko Mrkvicka
0 Kudos
emmap
Employee
Employee

Attached it here.

0 Kudos
JozkoMrkvicka
Authority
Authority

Thank you !

Going to upgrade firmware using all 3 versions, but I had to leave the config of LOM intact (preserve configuration), since LOM is the only reachable interface of the appliance 😄 After every successful upgrade, I will try to reach the KVM console.

Kind regards,
Jozko Mrkvicka
0 Kudos
emmap
Employee
Employee

I can't see anything stating that you have to not preserve the config, so hopefully it remains intact all the way through.

0 Kudos
JozkoMrkvicka
Authority
Authority

in these old LOM versions there is even no option to not preserve the config 😄

Anyway, upgrade to 4.2b did NOT help 😞

once upgraded from original 0.84 to 0.93, JNLP content is exactly the same as pasted previously. KVM console is still getting "Invalid Session token. Authenticatiom failure".

once upgraded from 0.93 to 3.99, KVM is disabled, since 3.99 is just bridge version.

once upgraded from 3.99 to 4.2b, JNLP content is exactly the same as pasted previously. KVM console is still getting "Invalid Session token. Authenticatiom failure".

There is simple no change of syntax within JNLP file for different versions.

Kind regards,
Jozko Mrkvicka
0 Kudos

Leaderboard

Epsum factorial non deposit quid pro quo hic escorol.

Upcoming Events

    CheckMates Events