This website uses Cookies. Click Accept to agree to our website's cookie use as described in our Privacy Policy. Click Preferences to customize your cookie settings.
Accept
Reject
Preferences
ABOUT CHECKMATES CYBER SECURITY COMMUNITY & FAQ
Create a Post
Help
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

Are you a member of CheckMates?

×
Sign in with your Check Point UserCenter/PartnerMap account to access more great content and get a chance to win some Apple AirPods! If you don't have an account, create one now for free!
the_rock
Legend
Legend
‎2023-04-23 06:03 PM
Jump to solution

Tip for web UI access issue

Hey guys,

Figured would share something that could potentially help others if you were to ever encounter this problem. Worked with customer on upgrading their 3 member cluster from R80.40 jumbo 161 to R81.10 jumbo 94, but I totally forgot the fact he told me they had one member where web UI would log them in, but then as soon as they went to any tab, it would log them out and even clish / ssh commands would be very sporadic.

They dont know for sure when this happened, but at some point in R80.40, out of the blue and it would affect all users, not just admins. TAC told them to do cpstop/cpstart, reboot, soft shutdown, confd restart, nothing helped. Even trying all sort of browsers (even incognito mode) did not make any difference.

We ended up doing hard powercycle and that solved the issue, so we were confident upgrading afterwards.

Anyway, thought would share this, so if anyone ever faces this problem, thats easiest way to solve it.

Cheers.

0 Kudos
1 Solution

Accepted Solutions
the_rock
Legend
Legend
yesterday
In response to Zee
Jump to solution

Just disable deamon, save, re-enable, save. If that fails, then do same with port number. Change to random one, save, change back to original one, save, install policy, test.

Andy

View solution in original post

0 Kudos
(1)
18 Replies
Blason_R
Leader
Leader
‎2023-04-23 08:13 PM
Jump to solution

Well I specifically have faced this issue and keen to know if platform-portal is listening on port 443? In my case I changed to some random port and installed the policy. Like 9443 and it started working fine. 

 

Thanks and Regards,
Blason R
CCSA,CCSE,CCCS
0 Kudos
the_rock
Legend
Legend
‎2023-04-23 08:16 PM
In response to Blason_R
Jump to solution

They told me TAC tried many different ports and none worked. It was on custom port, 8443.

0 Kudos
Blason_R
Leader
Leader
‎2023-04-23 08:19 PM
In response to the_rock
Jump to solution

Hmm - Then definitely it seem to be a bug I believe.

 

Thanks and Regards,
Blason R
CCSA,CCSE,CCCS
0 Kudos
the_rock
Legend
Legend
‎2023-04-23 08:24 PM
In response to Blason_R
Jump to solution

Not necessarily, more a "mystery" lol. Its 3 member A-P cluster, only one fw had this issue. Anyway, all good now!

0 Kudos
Zee
Contributor
yesterday
In response to the_rock
Jump to solution

Hi,

Just saw this, I am also facing the same issue. Out of no where one of the cluster fw and VIP is not responding to 8443. I can access via ssh and everything is working but web gui is not working . Do you have any suggestions to resolve without impact traffic as currently its in production environment

0 Kudos
the_rock
Legend
Legend
yesterday
In response to Zee
Jump to solution

What version? One easy thing to try would be turn off web daemon, save config, turn it back on and/or do same thing with web ui port number (change to another random port, save, then change back to original one, save).

Message me offline, I should be free in 1 hour, will be on my break, but can do remote if you are allowed to do that.

Andy

0 Kudos
Zee
Contributor
yesterday
In response to the_rock
Jump to solution

Unfortunately, not allowed for remote session. The version is R81.20 and it cam out of no where. So should I try to just disable web daemon and enable or should I change the port as well. I don't want to reboot or something without maintenance window

 

0 Kudos
the_rock
Legend
Legend
yesterday
In response to Zee
Jump to solution

Just disable deamon, save, re-enable, save. If that fails, then do same with port number. Change to random one, save, change back to original one, save, install policy, test.

Andy

0 Kudos
(1)
Zee
Contributor
yesterday
In response to the_rock
Jump to solution

Interesting thing is , it happened to VIP, active node, backup all at once. I will follow this and let you know.

 

0 Kudos
the_rock
Legend
Legend
yesterday
In response to Zee
Jump to solution

Sounds good.

0 Kudos
Zee
Contributor
yesterday
In response to the_rock
Jump to solution

Since I am unable to access Gaia portal, my vpn client is not working as well, although i can connect with Capsule Mobile app. Secondly, do you think Platform Portal option can affect this as well?

 

0 Kudos
the_rock
Legend
Legend
yesterday
In response to Zee
Jump to solution

Its recommended to have web ui platform port set to something other than 443.

Andy

0 Kudos
Zee
Contributor
yesterday
In response to the_rock
Jump to solution

It worked. Thanks.

the_rock
Legend
Legend
yesterday
In response to Zee
Jump to solution

Great! which method?

Andy

0 Kudos
Zee
Contributor
yesterday
In response to the_rock
Jump to solution

Port changed. We actually had a discussion on a VPN Tunnel issue as well which is still on going and I am unable to resolve it neither TAC 😛 and on the same fw I got this today.

 

0 Kudos
the_rock
Legend
Legend
yesterday
In response to Zee
Jump to solution

Well, sometimes those things come with experience, specially if people had seen it too many times...I had issues like that happened even back in R55, so its all in my head as far as basic things to try : - )

Andy

0 Kudos
Zee
Contributor
yesterday
In response to the_rock
Jump to solution

True, I once had this issue on untangle firewall. But with Checkpoint, I am relatively new its been few months I have started working on it. Thank you for the hint. I hope VPN resolves as well somehow 🙂

0 Kudos
the_rock
Legend
Legend
yesterday
In response to Zee
Jump to solution

Its all good, we are here to help. No one is born knowing everything, so no one can judge others if they dont know/cant solve something, no shame in that.

Andy

0 Kudos
(1)

Leaderboard

Epsum factorial non deposit quid pro quo hic escorol.

View All ≫
Upcoming Events

    Sort by:
    CheckMates Events