This website uses Cookies. Click Accept to agree to our website's cookie use as described in our Privacy Policy. Click Preferences to customize your cookie settings.
Accept
Reject
Preferences
ABOUT CHECKMATES CYBER SECURITY COMMUNITY & FAQ
Create a Post
Help
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

Are you a member of CheckMates?

×
Sign in with your Check Point UserCenter/PartnerMap account to access more great content and get a chance to win some Apple AirPods! If you don't have an account, create one now for free!
Nüüül
Advisor
‎2020-07-25 04:22 AM

using Smart-1 Cloud

Running this beauty for 4 months so far with no bigger problems.

During deployment I struggled a bit with MaaS Tunnel not coming up and did not find hints or tips for troubleshooting on this tunnel. This is already documented now ( https://sc1.checkpoint.com/documents/Infinity_Portal/WebAdminGuides/EN/Check-Point-SmartCloud-Admin-... )

Also as I had multiple efforts to connect one gateway, I was not able then to delete the unused gateway configurations. This is already added. Thanks 👍

 

One thing that got me a little stressed:

While playing around with GeoPolicies, I did not explicitly allow access from Italy. The AWS instance for my Management Service is running there. I had Ireland in my mind so … Bad
As the MaaS tunnel was broken no possibility to correct the issue with i.e. reverting the changes.

I know, this is expected behaviour, but might still force one to reinstall the gateways..

I was able to fix this by manipulating the file /opt/CPsuite-R80.40/fw1/tmp/geo_location_tmp/updates/IpToCountry.csv

IP scopes are there listed in decimal format and assigned to a country. So had to find the appropriate scope and “declare” this as one of the allowed countries (i.e. Ireland). After a reboot, (killing geo.d like mentioned at sk92823 did not really help) MaaS Tunnel was up and I was able to push the new, corrected policy.

To avoid such things – I know, that this is caused by an user failure - but it might help to expand the onboarding mechanism during initializing to exempt the MaaS Gateway IPs from Geo Policy and other things that might have an impact for MaaS tunnels.

If someone knows another - better way, please tell me. For the next time 😀 

 

Besides this - don´t know if this is possible - perhaps a way to address the Management Service through the MaaS tunnel, while being at a network behind  for i.e. SmartConsole Access or Management API calls, might be a good idea instead of connecting via WAN. 

 

 

While writing down I saw, the language suddenly changed to german?

(added a screenshot)

But only at “logs & monitoring”, other areas like “Gateways and Servers” are still in English. That looks strange - Smart Console runs on an English “speaking” Windows Server. Language changed after I closed a “Export to PDF” dialog.

 

Regarding R81 EA, is there a way to attend on this with using Smart-1 Cloud? I think you might want to test it there too? I would be happy to.

Thanks to Check Point for this good product. I am sure, there will be numerous customers to use that - Good work!

Preview file
67 KB
0 Kudos
1 Reply
Anat_Eytan-Davi
Employee Alumnus
Employee Alumnus
‎2020-07-28 12:13 AM

Thank you for the feedback and for noticing the changes we are adding constantly to the product and documentation.

We will look at the issues you mentioned, meanwhile, as for R81, we are testing R81 and Smart-1 Cloud in the lab, but currently, we are planning to deploy the GA version on customer environments, if we will consider extending the EA and have R81 running on Smart-1 Cloud before GA, I will definitely approach you.

please feel free to share more feedback.

Anat.

Upcoming Events

    Sort by:
    CheckMates Events