Surendra
Explorer

GUI is not loading for Check Point security gateways

Hi Team

GUI is not loading for Check Point security gateways.

Getting the below error:

 

ERR_SSL_PROTOCOL_ERROR

Duane_Toler
Advisor

Looks like you're using Gaia WebUI.  This error is from your browser which doesn't like the TLS version being negotiated.  Your browser may have a TLS configuration imposed by a GPO from your organization.  You can try with Firefox instead to see if that works.  For example, depending on your gateway configuration, the Gaia portal may not be able to support TLS 1.3:

https://support.checkpoint.com/results/sk/sk178505

If your GPO enforces TLS 1.3, then this may be your issue.

 

Lesley
Leader

Can you confirm that this firewall is still running supported software? 90% of the time this error is related to ancient firewall software.

the_rock
Legend

What version? You can always try changing the web UI port and test:

clish -> set web ssl-port 4434 -> save config -> test

If that fails, I would try opening old-school Internet Explorer and see if that works:

https://superuser.com/questions/1824875/where-is-internet-options-now-that-internet-explorer-is-gone

control panel -> internet options -> programs -> manage add-ons -> learn more about toolbars and extensions

Andy

PhoneBoy
Admin

What version/JHF is the device?
Older (out of support) versions may not support the ciphers mandated by current web browsers.

Surendra
Explorer

R81_10_JUMBO_HF_MAIN Take: 139

the_rock
Legend

Did you try what we suggested?

Andy

PhoneBoy
Admin

Did you check to see if your organization enforces the use of TLS 1.3 as suggested by @Duane_Toler ?

Surendra
Explorer

The organization enforces the use of TLS 1.2, and the same is configured on the gateway as well.

PhoneBoy
Admin

Can you reach the gateway via other means (e.g. ssh)?
What is the network path between your client and the gateway and does it include any other firewalls?

Surendra
Explorer

VPN blade is not enabled. What is the process for renewing the self-signed certificate on the gateway?

Self-signed certificate renewal fixed the issue.

the_rock
Legend

That's odd, can you send a screenshot of that VPN tab? How did you renew it if the blade is not even on??

Surendra
Explorer

CP Support did that, I am not sure about that.

the_rock
Legend

Do you have the commands they ran?

Andy

Lesley
Leader

This is documented in https://support.checkpoint.com/results/sk/sk97792

VPN certificate is not only used for internal VPN but also for:

the_rock
Legend

Ah, that sk...seen it before, though personally, I always thought there was an easier way to do this rather than enabling/disabling the blade 🙂

Andy
