This website uses Cookies. Click Accept to agree to our website's cookie use as described in our Privacy Policy. Click Preferences to customize your cookie settings.
Accept
Reject
Preferences
ABOUT CHECKMATES CYBER SECURITY COMMUNITY & FAQ
Create a Post
Help
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

Are you a member of CheckMates?

×
Sign in with your Check Point UserCenter/PartnerMap account to access more great content and get a chance to win some Apple AirPods! If you don't have an account, create one now for free!
JordanHsu
Explorer
‎2023-09-05 02:58 AM

I cannot login VPN "site is not responding" Issues

Dear Sir,

I am Jordan from Taiwan and I am a newbie when it comes to CheckPoint Gateway.

I have encountered a sudden problem when I entered the command "fw unloadlocal" in my 6200 gateway's command line interface (CLI).

My mobile VPN function stopped working, and I have tried to find a lot of documentation to solve this issue, but without success.

I appreciate any assistance or guidance you can provide to help me resolve this matter.

Thank you for your support.

 

attachment

Snag_203f42cd.png

is my log and snapshot. 

trac.7z
0 Kudos
9 Replies
Lesley
MVP Gold
MVP Gold
‎2023-09-05 03:33 AM

This command removes installed policy from gateway. Are you able to reinstall to policy on the 6200 cluster?

If not try fw fetch

-------
Please press "Accept as Solution" if my post solved it 🙂
0 Kudos
JordanHsu
Explorer
‎2023-09-05 06:30 PM
In response to Lesley

Hello Lesley, 

Thanks you for the replied 

Yes, i see the command will be removed all policy, 

When i do this then i will reinstall back the the policy.  

However how do i use the command of "fw fetch" , What does the command function to what ?

0 Kudos
G_W_Albrecht
MVP Silver
MVP Silver
‎2023-09-06 04:21 AM
In response to JordanHsu

R81.10 Quantum Security Gateway Guide - fw fetch

Seems your policy does something wrong if WebGUI is blocked.

CCSP - CCSE / CCTE / CTPS / CCME / CCSM Elite / SMB Specialist
0 Kudos
G_W_Albrecht
MVP Silver
MVP Silver
‎2023-09-05 03:42 AM

Also a reboot should be able to heal it. But why use the command "fw unloadlocal" at all ? Should not be needed except in very special situations (when you did something completely wrong in rule base so SMS can not reach it after policy  install).

CCSP - CCSE / CCTE / CTPS / CCME / CCSM Elite / SMB Specialist
0 Kudos
JordanHsu
Explorer
‎2023-09-05 06:25 PM
In response to G_W_Albrecht

Hello Albrecht, 

Thank you for replied, Because somehow i have issue form the Gateway ,Such as webGui didn't work. 

That's very strange , When i installed the policy my web-GUI function will going to down. Even i try to use port :4434 ,

If i meet this situation i must be use the commend to unload then install roll back. 

Unfortunately reboot didn't worked.  for my Mobile VPN..

 

0 Kudos
the_rock
MVP Platinum
MVP Platinum
‎2023-09-06 12:19 PM
In response to JordanHsu

Just to clarify, say if initial policy loads on the fw, that would ONLY allow web UI access on port 443, not any other port. What happens when you install basic policy to the gateway, can you ping say google dns, 8.8.8.8?

If not, can you verify SIC is okay? Also, its possible that something with the routing could be wrong...just do basic test ip r g 8.8.8.8 command and you can verify.

Andy

Best,
Andy
0 Kudos
JordanHsu
Explorer
‎2023-09-06 06:17 PM
In response to the_rock

Hello Rock, 

Yes, from my firewall that would able to ping Google DNS 

Also i already use IP pool from my Gateway provided , So that's probably not a policy issue. 

BTW,  i try to access my FW via GUI with port 443 that did not able either.  but i can telnet 443 to it. 

 2023-09-07_09-06-51.png  

 

2023-09-07_09-02-39.png

 

 

0 Kudos
PhoneBoy
Admin
Admin
‎2023-09-06 05:12 PM

When you unload the policy with fw unloadlocal, it also affects VPN functionality.
Obviously, you have some issue with your policy that you need to correct.
This is likely something you will need the TAC to assist with: https://help.checkpoint.com

0 Kudos
JordanHsu
Explorer
‎2023-09-06 06:18 PM
In response to PhoneBoy

Hello PhoneBoy 

Thanks i will try it. 

0 Kudos

Leaderboard

Epsum factorial non deposit quid pro quo hic escorol.

View All ≫
Upcoming Events

    CheckMates Events