Johannes_Schoen
Collaborator

Gaia Webui and SNMP not reachable via routing

Hi Community,

I got the following problem:
Accessing Gaia from a non-local network fails. With another device as a jump host in the same local network, ssh works. The incoming packets for :4434 are shown in fw monitor and are passing the complete inbound chain, but there are no outbound packets. A tcpdump does not show these packets, so the operating system and Gaia WebUI cannot receive that traffic. A kernel debug with zdebug + drop doesn't show any dropped packets.

In apache access_log, no requests are seen.

Unfortunately it's a R77.30 on openserver, which is still in production, but other routing works perfectly on that machine.

I'm confused - does anybody have an idea what the problem is?

Best Regards
Johannes

4 Replies
mdjmcnally
Advisor

OK, most likely the WebUI etc. is only allowed from a local network.

When you can get into the WebUI, then under

System Management / Host Access

what is it set to?

Seeing it in the whole inbound chain in the fw monitor, so presuming you mean

pre-inspection i stage

post-inspection I stage

This would indicate that the traffic is getting through the Security Policy, also any Address Spoofing.

Hence why I suspect that it is locked down under the Host Access.

As you can access from the local network, then the process must be responding and be attempting on the correct port.

Johannes_Schoen
Collaborator

Allowed-Networks are existent and my networks are allowed - I can see from SmartLog incoming 4434 to the firewall and I can see the packets in the inbound stages i and I but not on the outgoing stages o or O.
Address spoofing is disabled and all topology interfaces are set as external.
In case the Allowed-Clients aren't working, is there a log to consult?
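One way to spot the pattern described in this thread (a conversation seen at the i and I positions but never at o or O) across a longer fw monitor capture, as an added example that is not code from the thread or from Check Point: a small Python parser run over constructed fw monitor output. It assumes the plain `eth1:i[60]: src -> dst (TCP) ...` header line followed by a `TCP: sport -> dport ...` line, with no VSX prefix; any other line is ignored.

```python
import re
from collections import defaultdict
# Constructed fw monitor excerpt (not captured from the poster's firewall):
# a SYN to the Gaia portal on tcp/4434 reaching i and I but never answered
# at o/O, beside an SSH handshake that passes through all four positions.
SAMPLE = """\
eth1:i[60]: 203.0.113.10 -> 192.0.2.1 (TCP) len=60 id=4321
TCP: 51000 -> 4434 .S.... seq=1a2b3c4d ack=00000000
eth1:I[60]: 203.0.113.10 -> 192.0.2.1 (TCP) len=60 id=4321
TCP: 51000 -> 4434 .S.... seq=1a2b3c4d ack=00000000
eth0:i[60]: 192.0.2.50 -> 192.0.2.1 (TCP) len=60 id=7777
TCP: 40000 -> 22 .S.... seq=0000ffff ack=00000000
eth0:I[60]: 192.0.2.50 -> 192.0.2.1 (TCP) len=60 id=7777
TCP: 40000 -> 22 .S.... seq=0000ffff ack=00000000
eth0:o[60]: 192.0.2.1 -> 192.0.2.50 (TCP) len=60 id=0
TCP: 22 -> 40000 .S..A. seq=deadbeef ack=00010000
eth0:O[60]: 192.0.2.1 -> 192.0.2.50 (TCP) len=60 id=0
TCP: 22 -> 40000 .S..A. seq=deadbeef ack=00010000
"""

HDR = re.compile(r"^(?P<if>\S+?):(?P<pos>[iIoO])\[\d+\]:\s+"
                 r"(?P<src>\S+) -> (?P<dst>\S+) \((?P<proto>\w+)\)")
TCP = re.compile(r"^TCP:\s+(?P<sport>\d+) -> (?P<dport>\d+)")

def chain_positions(text):
    """Map each TCP conversation, keyed (client, cport, server, sport),
    to the set of fw monitor positions where a packet of it was seen."""
    seen = defaultdict(set)
    hdr = None
    for line in text.splitlines():
        m = HDR.match(line)
        if m:
            hdr = m.groupdict()
            continue
        t = TCP.match(line)
        if t and hdr and hdr["proto"] == "TCP":
            if hdr["pos"] in "iI":   # request: client is the source
                key = (hdr["src"], t["sport"], hdr["dst"], t["dport"])
            else:                    # reply: client is the destination
                key = (hdr["dst"], t["dport"], hdr["src"], t["sport"])
            seen[key].add(hdr["pos"])
            hdr = None
    return dict(seen)

def stuck_inbound(text):
    """Conversations handed to the OS (seen at I) with no reply at o/O: the
    symptom in the thread, pointing at Host Access, daemon logs or routing."""
    return sorted(key for key, pos in chain_positions(text).items()
                  if "I" in pos and not pos & {"o", "O"})
```

Feed it the saved output of fw monitor to get the list of client/server tuples that never produced a reply, which narrows the search to the host side (Host Access, httpd/sshd logs, return route) rather than the Security Policy.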
mdjmcnally
Advisor

Traffic is being passed by the Firewall Policy but there is no log in the Apache server log.

sk91380 is the SK article on debugging Gaia Portal.

/var/log/httpd2_error_log is a log file worth looking at and is mentioned in the SK article.

The fact that it works when local indicates that the actual port etc. itself is correct.

What do you get from

show static-route destination client_ip

Just make sure the next hop is correct.

Johannes_Schoen
Collaborator

Routing looks good, so it's the expected routing interface, and we have production traffic on the firewalls, due to some old VPN tunnels still terminated at the Check Point.

I helped myself by hide-NATing the traffic with the new firewall to the Check Point node IPs and now it's working again - I won't do more troubleshooting because of that workaround.

Many thanks for your inputs