- CheckMates
- :
- CheckMates Toolbox
- :
- SmartConsole Extensions
- :
- Change Report
- Subscribe to RSS Feed
- Mark Topic as New
- Mark Topic as Read
- Float this Topic for Current User
- Bookmark
- Subscribe
- Mute
- Printer Friendly Page
Change Report
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
SmartConsole Extension to review changes between revisions (sk166435).
Supported from: R80.30+
Requirements: Internet connectivity. Offline version: Not available yet.
Technologies: iFrames, Node.js, React, Webpack etc.
Author: Check Point
Limitations | Troubleshooting
Extension URL: https://extensions.checkpoint.com/changes-report/extension.json
SmartConsole Extension to review changes between revisions (sk166435).
Supported from: R80.30+
Requirements: Internet connectivity. Offline version: Not available yet.
Technologies: iFrames, Node.js, React, Webpack etc.
Author: Check Point
Limitations | Troubleshooting
Extension URL: https://extensions.checkpoint.com/changes-report/extension.json
Disclaimer: Check Point does not provide maintenance services or technical or customer support for third party content provided on this Site, including in CheckMates Toolbox. See also our Third Party Software Disclaimer.
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
As this is a Check Point extension you will need to write a mail to: extensions@checkpoint.com
As this is a Check Point extension you will need to write a mail to: extensions@checkpoint.com
;- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
The extension is publicly hosted to make it easier for customers to use without needing a web server to host it.
If you prefer to host it internally, you can of course do so. All the files are accessible just like the ".json" file.
For example:
https://extensions.checkpoint.com/changes-report/index.html
We would be very glad to get customer feedback on this extension. Let us know if it's helpful for you!
Note that it's recommended to have the latest R80.30 JHF installed on your server. There are some fixes there for edge cases that can affect the report.
Note #2: in R81, this capability will be out-of-the-box without having to manually add the extension. In R80.30 / R80.40, we are providing it as an extension so that earlier releases can enjoy it.
The extension is publicly hosted to make it easier for customers to use without needing a web server to host it.
If you prefer to host it internally, you can of course do so. All the files are accessible just like the ".json" file.
For example:
https://extensions.checkpoint.com/changes-report/index.html
We would be very glad to get customer feedback on this extension. Let us know if it's helpful for you!
Note that it's recommended to have the latest R80.30 JHF install
...;- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Hi Tomer,
thanks a lot Tomer.
Its a very helpful extension, glad to hear that this feature will be integrated with smartconsole..👏
Regards
Sudip
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Right. Even when you uncheck this in Global Properties then SmartConsole Extensions can still send data to Google for all kind of Check Point analytics. Let's see if this gets fixed in R81 as I was told yesterday that this code is included in R81 EA as it is. But also many other Check Point tools, like the What's new page, that opens when you installed a new SmartConsole for the first time, talk to Google.
Right. Even when you uncheck this in Global Properties then SmartConsole Extensions can still send data to Google for all kind of Check Point analytics. Let's see if this gets fixed in R81 as I was told yesterday that this code is included in R81 EA as it is. But also many other Check Point tools, like the What's new page, that opens when you installed a new SmartConsole for the first time, talk to Google.
;
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
@Danny, @Sven_Glock , thank you for sharing your concerns. We are open to get the feedback, and this is a good example of how the direct contact with the community is valuable.
Short answer: we will modify the extension so that it won't access Google without explicit permission
Long answer:
Many web applications and sites use Google Analytics to gather usage information. It's a very easy way to gain insights to what regions your users are coming from, what features they use and how. It doesn't share personal information or the actual values that were inputted.
The SmartConsole extensions are external to the application and can even be developed by 3rd parties. Therefore, they can access external sites / APIs without the limitations imposed on SmartConsole.
That said, we understand that if an extension is provided by Check Point, there is an expectation that we will check if sharing usage information was approved.
As a first step, we will remove the reporting to Google Analytics. We will double-check the code in R81 to make sure it's not there and also update (in 1-2 weeks) the extension that we host publicly. If you use it from our URL, it will be updated automatically.
As a second step, we will develop a REST API that can be used to check if the Management has approved sharing usage information. Then our extensions (and even 3rd party extensions) can use this API to make the decision according to the user's choice. It's important to emphasize that with 3rd party extensions, the responsibility for doing this is on the developer of the extension.
@Danny, @Sven_Glock , thank you for sharing your concerns. We are open to get the feedback, and this is a good example of how the direct contact with the community is valuable.
Short answer: we will modify the extension so that it won't access Google without explicit permission
Long answer:
Many web applications and sites use Google Analytics to gather usage information. It's a very easy way to gain insights to what regions your users are coming from, what features they u
...;- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
In regards of SmartConsole extension, I need to insert URL which is publicly available (on internet).
Where exactly I need to have internet access? On workstation where I have installed SmartConsole, or on Management system (MDS) ?
Are there any plans to have Extensions working even without internet access ? Like installing offline or something like that...
I will not install any extention which will gather some information (like Google Analytics).
Jozko Mrkvicka
In regards of SmartConsole extension, I need to insert URL which is publicly available (on internet).
Where exactly I need to have internet access? On workstation where I have installed SmartConsole, or on Management system (MDS) ?
Are there any plans to have Extensions working even without internet access ? Like installing offline or something like that...
I will not install any extention which will gather some information (like Google Analytics).
;- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
The SmartConsole application needs to access the URL (not the MDS).
Note that we are hosting the extension files in the cloud for convenience. They are open source, so you can download them and host them locally on your web server. In that case, you won't need internet access.
Regarding the Google Analytics, in the coming couple of weeks we plan to update the extensions code to stop sending the data.
The SmartConsole application needs to access the URL (not the MDS).
Note that we are hosting the extension files in the cloud for convenience. They are open source, so you can download them and host them locally on your web server. In that case, you won't need internet access.
Regarding the Google Analytics, in the coming couple of weeks we plan to update the extensions code to stop sending the data.
;- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Thanks @Tomer_Noy for the quick positive response! 🙂 Can you please update this threat once new release with fixed google communication is GA?
Thanks
@Tomer_Noy for the quick positive response!
🙂 Can you please update this threat once new release with fixed google communication is GA?
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Updating that we have removed the Google Analytics reporting code from our Changes Report extension (https://extensions.checkpoint.com/changes-report/extension.json).
This is updated in our GitHub open source and in the publicly hosted version in the link.
As always, we welcome feedback and would love to hear if this extension is useful for you in production.
Updating that we have removed the Google Analytics reporting code from our Changes Report extension (https://extensions.checkpoint.com/changes-report/extension.json).
This is updated in our GitHub open source and in the publicly hosted version in the link.
As always, we welcome feedback and would love to hear if this extension is useful for you in production.
;- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Google Analytics got removed. However, these Google resources are still used and downloaded from Google everytime the SmartConsole Extension is accessed:
Google Analytics got removed. However, these Google resources are still used and downloaded from Google everytime the SmartConsole Extension is accessed:
;- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Hmmm...
These are just links to static content (fonts, a Check Point logo image and a js file). No customer information is passed.
Nevertheless, let me discuss it with the relevant R&D team and we'll see what should be done.
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
The latest Changes Report extension should be "Google-free" now 😀
Check it out and enjoy!
As always, let us know if you have feedback (good or bad). Also, use-cases or stories on how you use this will be much appreciated.
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
The screenshot in the SK was not updated.
If you install the extension from the link, it will not show those external resources anymore.
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Also SmartConsole What's New that opens automatically upon every SmartConsole installation and your Tailored Safe extension use Google Analytics and Tag Manager.
Also SmartConsole What's New that opens automatically upon every SmartConsole installation and your Tailored Safe extension use Google Analytics and Tag Manager.
;- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Only me that dont get this to work?
I have a test installation of a MGMT with R80.40 and latest.
Both mgmt and windows pc with smartconsole has access to internet.
Everything installs fine, i see no drops from windows pc and mgmt station.
But it always shows "no changes"
Tested to create rules and also edit normal network rules.
am logged in to the mgmt station with IP and not DNS.
Changes are published and installed policy.
Regards,
Magnus
Only me that dont get this to work?
I have a test installation of a MGMT with R80.40 and latest.
Both mgmt and windows pc with smartconsole has access to internet.
Everything installs fine, i see no drops from windows pc and mgmt station.
But it always shows "no changes"
Tested to create rules and also edit normal network rules.
am logged in to the mgmt station with IP and not DNS.
Changes are published and installed policy.
Regards,
Magnus
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
The Changes Report will show you the changes in your current session before you publish.
If you want to see changes between published sessions, go to the Revisions page (under Manage & Settings), select the desired revision and click the "Changes" button.
The Changes Report will show you the changes in your current session before you publish.
If you want to see changes between published sessions, go to the Revisions page (under Manage & Settings), select the desired revision and click the "Changes" button.
;- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
The more intuitive way to see all changes since last policy install is:
- Click on policy installation
- Select policy to install
- Click on the link below "Total Changes from last installation..."
- In the next window select the oldest revision
- Click on "Changes"
- Select "Compare to current version"
The more intuitive way to see all changes since last policy install is:
- Click on policy installation
- Select policy to install
- Click on the link below "Total Changes from last installation..."
- In the next window select the oldest revision
- Click on "Changes"
- Select "Compare to current version"
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
I have installed the extension in r80.40 take 78 and the "change" button is now available in all the sections that it is supposed to be.
Now when I click the change button in any section I get a white screen prompted and in about 20 or 30 secs I get a err message saying "Loading Error: ERR_CONNECTION_TIMED_OUT"
Is there any special connectivity required for this extension to work?
I have installed the extension in r80.40 take 78 and the "change" button is now available in all the sections that it is supposed to be.
Now when I click the change button in any section I get a white screen prompted and in about 20 or 30 secs I get a err message saying "Loading Error: ERR_CONNECTION_TIMED_OUT"
Is there any special connectivity required for this extension to work?
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Weird, I don't see any external connection when I click "changes" but I see there are loads of tcp connections to localhost in the manager.
I don't know why this extension fails in my environment.
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Sorry, I have just noticed that the Smartconsole was trying to access to the manager using the GAIA default proxy configuration.
I have set UseDefaultWebProxy=true following sk166932 and it is sorted now
C:\Program Files (x86)\CheckPoint\SmartConsole\R80.40\PROGRAM\SmartConsole.exe.config
I would say that it makes more sense for UseDefaultWebProxy to set to true by default, but anyway it is okay.
Sorry, I have just noticed that the Smartconsole was trying to access to the manager using the GAIA default proxy configuration.
I have set UseDefaultWebProxy=true following sk166932 and it is sorted now
C:\Program Files (x86)\CheckPoint\SmartConsole\R80.40\PROGRAM\SmartConsole.exe.config
I would say that it makes more sense for UseDefaultWebProxy to set to true by default, but anyway it is okay.
;
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
My Security Manager has two nics with two different ips to get more redundancy. It works great. If one nic goes down I can connect with smartconsole to the other ip and I have no problem to make changes in the other gateways through the secondary nic.
The only problem is this "changes" extension. I get the following error "Error: Unable to retrieve read-only session" when the primary card/ip is down (this is the ip configured in Smartconsole for the manager and also the official ip for the licenses).
Looking at sk166932, it seems that this is expected if the ip configured in Smartconsole for the mgmt object differs from the ip you are accessing to.
It seems that the checkpoint extension system doesn't support two nics/2ips.
Is there anything it can be done to support this configuration?
I would love to have a VPC/LACP and only one IP over the two NICs but I can't do it at the moment.
My Security Manager has two nics with two different ips to get more redundancy. It works great. If one nic goes down I can connect with smartconsole to the other ip and I have no problem to make changes in the other gateways through the secondary nic.
The only problem is this "changes" extension. I get the following error "Error: Unable to retrieve read-only session" when the primary card/ip is down (this is the ip configured in Smartconsole for the manager and also the official ip for
...;- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Connectivity: To configure interface redundancy it is best practice to set up an interface bond and use one single IP address.
Security: Your security management should be a management host running at one specific host IP address that is directly segmented and protected by your security gateways. Configuring a secondary interface means you maintain a management gateway and not a management host which is not recommended.
License: You already figured it out by now, right?
Web Extensions: These and many other management functions rely on your managements' main IP address, so don't change it and put it on an interface bond instead.
Connectivity: To configure interface redundancy it is best practice to set up an interface bond and use one single IP address.
Security: Your security management should be a management host running at one specific host IP address that is directly segmented and protected by your security gateways. Configuring a secondary interface means you maintain a management gateway and not a management host which is not recommended.
License: You already figured it out by now, right?
Web Exten
...;