Create a Post
cancel
Showing results for 
Search instead for 
Did you mean: 

Change Report

Champion
Champion
Verified By CP

SmartConsole Extension to review changes between revisions (sk166435).

Supported from: R80.30+
Requirements: Internet connectivity. Offline version: Not available yet.
Technologies: iFrames, Node.js, React, Webpack etc.
Author: Check Point
Limitations | Troubleshooting

Extension URL: https://extensions.checkpoint.com/changes-report/extension.json

Screenshot 2020-11-10 at 12.27.18.png

image.png
image.png

;
TO ACCESS CHECKMATES TOOLBOX it's simple and free
29 Replies

Participant

Hi Danny,

 

We require index.htm of this extension as we are integrating this locally.

 

Thanks

Sudip Majee.

;
TO ACCESS CHECKMATES TOOLBOX it's simple and free
Reply
0 Kudos

Champion
Champion

As this is a Check Point extension you will need to write a mail to: extensions@checkpoint.com 

;
TO ACCESS CHECKMATES TOOLBOX it's simple and free

Employee+
Employee+

The extension is publicly hosted to make it easier for customers to use without needing a web server to host it.

If you prefer to host it internally, you can of course do so. All the files are accessible just like the ".json" file.
For example:

https://extensions.checkpoint.com/changes-report/index.html

 

We would be very glad to get customer feedback on this extension. Let us know if it's helpful for you!

 

Note that it's recommended to have the latest R80.30 JHF install

...;
TO ACCESS CHECKMATES TOOLBOX it's simple and free

Participant

Hi Tomer,

thanks a lot Tomer.

Its a very helpful extension, glad to hear that this feature will be integrated with smartconsole.. 👏

 

Regards

Sudip

;
TO ACCESS CHECKMATES TOOLBOX it's simple and free

Explorer

Hi Tomer, is there documentation on implementing this extension on-prem?

 

Thanks,

Dave

;
TO ACCESS CHECKMATES TOOLBOX it's simple and free
Reply
0 Kudos

Advisor

I love this extension, but google code inside prevents me from putting it in production...

;
TO ACCESS CHECKMATES TOOLBOX it's simple and free

Champion
Champion

Right. Even when you uncheck this in Global Properties then SmartConsole Extensions can still send data to Google for all kind of Check Point analytics. Let's see if this gets fixed in R81 as I was told yesterday that this code is included in R81 EA as it is. But also many other Check Point tools, like the What's new page, that opens when you installed a new SmartConsole for the first time, talk to Google.

image.png

;
TO ACCESS CHECKMATES TOOLBOX it's simple and free
Reply
0 Kudos

Employee+
Employee+

@Danny@Sven_Glock , thank you for sharing your concerns. We are open to get the feedback, and this is a good example of how the direct contact with the community is valuable.

Short answer: we will modify the extension so that it won't access Google without explicit permission

Long answer:

Many web applications and sites use Google Analytics to gather usage information. It's a very easy way to gain insights to what regions your users are coming from, what features they u

...;
TO ACCESS CHECKMATES TOOLBOX it's simple and free

In regards of SmartConsole extension, I need to insert URL which is publicly available (on internet).

Where exactly I need to have internet access? On workstation where I have installed SmartConsole, or on Management system (MDS) ?

Are there any plans to have Extensions working even without internet access ? Like installing offline or something like that...

I will not install any extention which will gather some information (like Google Analytics).

;
TO ACCESS CHECKMATES TOOLBOX it's simple and free
Reply
0 Kudos

Employee+
Employee+

The SmartConsole application needs to access the URL (not the MDS).

Note that we are hosting the extension files in the cloud for convenience. They are open source, so you can download them and host them locally on your web server. In that case, you won't need internet access.

Regarding the Google Analytics, in the coming couple of weeks we plan to update the extensions code to stop sending the data.

;
TO ACCESS CHECKMATES TOOLBOX it's simple and free

Advisor

Thanks  @Tomer_Noy  for the quick positive response! 🙂 Can you please update this threat once new release with fixed google communication is GA?


;
TO ACCESS CHECKMATES TOOLBOX it's simple and free
Reply
0 Kudos

Employee+
Employee+

Updating that we have removed the Google Analytics reporting code from our Changes Report extension (https://extensions.checkpoint.com/changes-report/extension.json).

This is updated in our GitHub open source and in the publicly hosted version in the link.

As always, we welcome feedback and would love to hear if this extension is useful for you in production.

;
TO ACCESS CHECKMATES TOOLBOX it's simple and free
Reply
0 Kudos

Champion
Champion

Google Analytics got removed. However, these Google resources are still used and downloaded from Google everytime the SmartConsole Extension is accessed:

;
TO ACCESS CHECKMATES TOOLBOX it's simple and free

Employee+
Employee+

Hmmm...

These are just links to static content (fonts, a Check Point logo image and a js file). No customer information is passed.

Nevertheless, let me discuss it with the relevant R&D team and we'll see what should be done.

;
TO ACCESS CHECKMATES TOOLBOX it's simple and free

Employee+
Employee+

The latest Changes Report extension should be "Google-free" now  😀

Check it out and enjoy!

As always, let us know if you have feedback (good or bad). Also, use-cases or stories on how you use this will be much appreciated.

;
TO ACCESS CHECKMATES TOOLBOX it's simple and free
Reply
0 Kudos

Champion
Champion

The related screen shot in sk166435 still shows the use of Google resources.

;
TO ACCESS CHECKMATES TOOLBOX it's simple and free
Reply
0 Kudos

Employee+
Employee+

The screenshot in the SK was not updated.

If you install the extension from the link, it will not show those external resources anymore.

;
TO ACCESS CHECKMATES TOOLBOX it's simple and free
Reply
0 Kudos

Champion
Champion

Also SmartConsole What's New that opens automatically upon every SmartConsole installation and your Tailored Safe extension use Google Analytics and Tag Manager.

;
TO ACCESS CHECKMATES TOOLBOX it's simple and free
Reply
0 Kudos

Only me that dont get this to work?
I have a test installation of a MGMT with R80.40 and latest.
Both mgmt and windows pc with smartconsole has access to internet.

Everything installs fine, i see no drops from windows pc and mgmt station.
But it always shows "no changes"

Tested to create rules and also edit normal network rules.
am logged in to the mgmt station with IP and not DNS.
Changes are published and installed policy.

Regards,
Magnus

;
TO ACCESS CHECKMATES TOOLBOX it's simple and free
Reply
0 Kudos

Employee+
Employee+

The Changes Report will show you the changes in your current session before you publish.

If you want to see changes between published sessions, go to the Revisions page (under Manage & Settings), select the desired revision and click the "Changes" button.

;
TO ACCESS CHECKMATES TOOLBOX it's simple and free
Reply
0 Kudos

Advisor

The more intuitive way to see all changes since last policy install is:

  • Click on policy installation
  • Select policy to install
  • Click on the link below "Total Changes from last installation..."
  • In the next window select the oldest revision
  • Click on "Changes"
  • Select "Compare to current version"
;
TO ACCESS CHECKMATES TOOLBOX it's simple and free
Reply
0 Kudos

Collaborator

I have installed the extension in r80.40 take 78 and the "change" button is now available in all the sections that it is supposed to be.
Now when I click the change button in any section I get a white screen prompted and in about 20 or 30 secs I get a err message saying "Loading Error: ERR_CONNECTION_TIMED_OUT"
Is there any special connectivity required for this extension to work?

;
TO ACCESS CHECKMATES TOOLBOX it's simple and free
Reply
0 Kudos

Collaborator

Weird, I don't see any external connection when I click "changes" but I see there are loads of tcp connections to localhost in the manager.
I don't know why this extension fails in my environment.

;
TO ACCESS CHECKMATES TOOLBOX it's simple and free
Reply
0 Kudos

Employee+
Employee+

Are you trying this extension with Demo Mode, or your own Management server?

;
TO ACCESS CHECKMATES TOOLBOX it's simple and free
Reply
0 Kudos

Collaborator

Sorry, I have just noticed that the Smartconsole was trying to access to the manager using the GAIA default proxy configuration.
I have set UseDefaultWebProxy=true following sk166932 and it is sorted now

C:\Program Files (x86)\CheckPoint\SmartConsole\R80.40\PROGRAM\SmartConsole.exe.config

I would say that it makes more sense for UseDefaultWebProxy to set to true by default, but anyway it is okay.

               

;
TO ACCESS CHECKMATES TOOLBOX it's simple and free
Reply
0 Kudos

Collaborator

My Security Manager has two nics with two different ips to get more redundancy. It works great. If one nic goes down I can connect with smartconsole to the other ip and I have no problem to make changes in the other gateways through the secondary nic.

The only problem is this "changes" extension. I get the following error "Error: Unable to retrieve read-only session" when the primary card/ip is down (this is the ip configured in Smartconsole for the manager and also the official ip for

...;
TO ACCESS CHECKMATES TOOLBOX it's simple and free
Reply
0 Kudos

Champion
Champion

Connectivity: To configure interface redundancy it is best practice to set up an interface bond and use one single IP address.

Security: Your security management should be a management host running at one specific host IP address that is directly segmented and protected by your security gateways. Configuring a secondary interface means you maintain a management gateway and not a management host which is not recommended.

License: You already figured it out by now, right?

Web Exten

...;
TO ACCESS CHECKMATES TOOLBOX it's simple and free
Reply
0 Kudos

Collaborator

 

Connectivity: To configure interface redundancy it is best practice to set up an interface bond and use one single IP address.

- Agree, I would love to do it but I can't at the moment. We are connecting the Manager to two switch/routers in HA. Unfortunately they don't run VPC, so we need two different IP networks to support this configuration in HA.

Security: Your security management should be a management host running at one specific host IP address that is directly segmented and

...;
TO ACCESS CHECKMATES TOOLBOX it's simple and free
Reply
0 Kudos

Collaborator

I am trying it in the management server, not in demo mode.

;
TO ACCESS CHECKMATES TOOLBOX it's simple and free
Reply
0 Kudos