Threat Emulation VM Access
When I attended the CP Advanced Troubleshooting for Threat Prevention training I did learn a couple of details that at the time were not yet documented. The situation has changed, but still there is material missing from documentation.
As sometimes only one special VM seems not able to finish emulation, it may be valuable to have a look at the emulation process in the VM itself. This can easily be accomplished, as for debugging issues with Virtual Machines it is possible to connect via VNC to the machines while running. First we have to enable VNC access with:
# tecli d e e
You then can see the VNC port of the relevant machine in the synopsis view:
# tecli s e v s
And now you can connect to all (running) VMs! This is not something you would do on a regular basis, as mostly TE does not take long, but as a troubleshooting procedure it does come in very handy...
- Tags:
- threat emulation
Be sure that the port number you connect to is 590x.
Where x is the number shown in tecli s e v s.
Also keep in mind to open relevant firewall ports in between.
So from the example above you would connect to the second running VM with TightVNC to:
192.168.200.10:5901
Be sure to use TightVNC.
Also remember that clicking/typing or doing any other action inside the VM will count as "behaviour". So you might alter the result by accidentally clicking things 🙂
Regards Thomas
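A reachability check for the 590x port described in the reply above, as an added example that is not part of the original thread: it confirms that the firewall path is open and that the port answers with a VNC (RFB) greeting before you start TightVNC. The function names are hypothetical, and the address and VM number in the usage comment are the ones from the reply's example.

```python
import socket
import sys

VNC_BASE_PORT = 5900  # per the reply: connect to 590x, x taken from "tecli s e v s"


def vnc_port(vm_number: int) -> int:
    """Map the number shown by tecli to its TCP port (590x). Hypothetical helper."""
    if not 0 <= vm_number <= 9:
        raise ValueError("the thread only describes ports 5900-5909 (590x)")
    return VNC_BASE_PORT + vm_number


def parse_rfb_banner(data: bytes):
    """Return e.g. 'RFB 003.008' if data is a VNC server greeting, else None."""
    # An RFB server speaks first with exactly 12 bytes: b"RFB xxx.yyy\n".
    if len(data) == 12 and data[:4] == b"RFB " and data[7:8] == b"." and data[11:] == b"\n":
        if data[4:11].replace(b".", b"").isdigit():
            return data[:11].decode("ascii")
    return None


def probe(host: str, port: int, timeout: float = 3.0) -> str:
    """Classify the port: an RFB banner, 'closed', 'filtered' or 'open, not VNC'."""
    try:
        sock = socket.create_connection((host, port), timeout=timeout)
    except ConnectionRefusedError:
        return "closed"      # host reachable, nothing listening on that port
    except socket.timeout:
        return "filtered"    # no answer: typically a firewall in between dropping packets
    except OSError as exc:
        return f"error: {exc}"
    data = b""
    with sock:
        try:
            while len(data) < 12:
                chunk = sock.recv(12 - len(data))
                if not chunk:
                    break
                data += chunk
        except OSError:
            pass             # silent or reset after connect: treated as not VNC
    return parse_rfb_banner(data) or "open, not VNC"


if __name__ == "__main__":
    # Usage: python3 check_vnc.py 192.168.200.10 1   (values from the reply's example)
    host, number = sys.argv[1], int(sys.argv[2])
    print(f"{host}:{vnc_port(number)} -> {probe(host, vnc_port(number))}")
```

Running the same check after the troubleshooting session shows whether the VNC port is still answering.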
Hi all,
Is there a possibility to "connect" the "tecli d e e" or "tecli s s e" commands with Grafana so we can show it virtually?
Any lead would be great!
KR
Rok
What is the use here? To look inside, you need an SSH connection to the TE GW. Otherwise, these commands are useless, especially the first one, which does enable VNC access 8)
