
Firemon - Check Point R80.10 API not working.

Question asked by Jonathan Horne on Apr 6, 2018
Latest reply on Apr 12, 2018 by Robert Decker

Currently running Check Point Multi-domain R80.10 JHF 91 and trying to retrieve/pull configurations into Firemon v8.21. On the MDS, the API status shows good. I am seeing errors in api.elg and the httpd log. I know there is an SK for a known issue, but that was resolved in a previous JHF. I am not sure if this is a Firemon issue or a Check Point issue. Is anyone else seeing or having a similar issue? Any help is appreciated. Thanks!

Error Log from Firemon:

Last Updated: 4/2/2018 6:11 PM
Status: Failure
Description: Manual Retrieval
Retrieval Error: Error: Error Summary:
Exception: http status=502 content=<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
<html><head>
<title>502 Proxy Error</title>
</head><body>
<h1>Proxy Error</h1>
<p>The proxy server received an invalid
response from an upstream server.<br />
The proxy server could not handle the request <em><a href="/web_api/show-groups">POST /web_api/show-groups</a></em>.<p>
Reason: <strong>Error reading from remote server</strong></p></p>
</body></html>

The API status is good on Check Point and all IPs are allowed to communicate to it.

API Status:

[Expert@XXXXXXX:0]# api status

API Settings:
---------------------
Accessibility:                      Require all granted
Automatic Start:                    Enabled

Processes:

Name      State     PID       More Information
-------------------------------------------------
API       Started   12783
CPM       Started   876       Check Point Security Management Server is running and ready
FWM       Started   7500

Port Details:
-------------------
JETTY Internal Port:      50277
APACHE Gaia Port:         443

--------------------------------------------
Overall API Status: Started
--------------------------------------------

API readiness test SUCCESSFUL. The server is up and ready to receive connections

Notes:
------------
To collect troubleshooting data, please run 'api status -s <comment>'

Here is what I am seeing in the API logs.

Api.elg

ID: 756
Address: http://127.0.0.1:50276/web_api/show-access-rulebase
Encoding: ISO-8859-1
Http-Method: POST
Content-Type: application/json
Headers: {Accept=[*/*], accept-encoding=[gzip, deflate], Cache-Control=[no-cache], connection=[keep-alive], Content-Length=[108], content-type=[application/json], Host=[127.0.0.1:50276], User-Agent=[python-requests/2.6.0 CPython/2.7.5 Linux/3.10.0-693.21.1.el7.x86_64], X-chkp-sid=[XsV3X_LLY9jsSZAvMMq8rXje6NWqaw-WYOEagzp9yCg], X-Forwarded-For=[10.178.17.41], X-Forwarded-Host=[10.178.17.33], X-Forwarded-Host-Port=[443], X-Forwarded-Server=[10.178.17.30]}
Payload: {"offset": 100, "limit": 100, "uid": "93b6a23a-5c39-4807-8117-b860cf775ec1", "use-object-dictionary": false}
--------------------------------------

2018-04-05 06:48:03,335  INFO com.checkpoint.management.web_api_is.utils.helpers.ApiCache.<init>:25 [qtp839789802-28] - Cache created and initialized

2018-04-05 06:48:03,335  INFO com.checkpoint.management.web_api.web_services.WebApiEntryPoint.logRequestedCommandInfo:132 [qtp839789802-28] - Executing [show-access-rulebase] of version 1.1

2018-04-05 06:48:04,109  WARN com.checkpoint.management.web_api_is.utils.managers.command_manager.WebApiCommandManager.getSafeStandardReplyClassByCpmClassSimpleName_aroundBody18:203 [qtp839789802-28] - Getting standard reply class for CPM class [CpmiAnyObject] for API version [1.1] failed. Returning default standard reply class.

2018-04-05 06:48:04,122  WARN com.checkpoint.management.web_api_is.utils.managers.command_manager.WebApiCommandManager.getSafeStandardReplyClassByCpmClassSimpleName_aroundBody18:203 [qtp839789802-28] - Getting standard reply class for CPM class [Global] for API version [1.1] failed. Returning default standard reply class.

Httpd2_error_log

[Mon Apr 02 12:44:32.179081 2018] [proxy_http:error] [pid 18072] (70007)The timeout specified has expired: [client 10.178.17.41:34140] AH01102: error reading status line from remote server 127.0.0.1:50277

[Mon Apr 02 12:44:32.179150 2018] [proxy:error] [pid 18072] [client 10.178.17.41:34140] AH00898: Error reading from remote server returned by /web_api/show-groups

[Mon Apr 02 13:04:37.578421 2018] [proxy_http:error] [pid 25356] (70007)The timeout specified has expired: [client 10.178.17.41:55488] AH01102: error reading status line from remote server 127.0.0.1:50277

[Mon Apr 02 13:04:37.578492 2018] [proxy:error] [pid 25356] [client 10.178.17.41:55488] AH00898: Error reading from remote server returned by /web_api/show-groups

[Mon Apr 02 13:09:06.196842 2018] [proxy_http:error] [pid 26534] (70007)The timeout specified has expired: [client 10.178.17.41:35238] AH01102: error reading status line from remote server 127.0.0.1:50277

[Mon Apr 02 13:09:06.196915 2018] [proxy:error] [pid 26534] [client 10.178.17.41:35238] AH00898: Error reading from remote server returned by /web_api/show-groups

[Mon Apr 02 13:28:08.748437 2018] [proxy_http:error] [pid 1065] (70007)The timeout specified has expired: [client 10.178.17.41:56516] AH01102: error reading status line from remote server 127.0.0.1:50277

[Mon Apr 02 13:28:08.748505 2018] [proxy:error] [pid 1065] [client 10.178.17.41:56516] AH00898: Error reading from remote server returned by /web_api/show-groups

Here is a connection attempt from Firemon to Check Point
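
The Httpd2_error_log lines above come in pairs: AH01102 records the failed read from the backend and AH00898 names the proxied URI. The following Python script is an added example, not part of the original post and not Check Point or FireMon code; it pairs the two lines by worker pid and client socket to show which API command timed out against which backend. The function names are hypothetical and the sample lines are copied from the excerpt above.

```python
import re
from collections import Counter

# Apache 2.4 error-log layout as seen in the post:
# [time] [module:level] [pid N] optional "(errno)text: " [client ip:port] AHnnnnn: message
LINE = re.compile(
    r"\[(?P<ts>[^\]]+)\] \[(?P<module>\w+):(?P<level>\w+)\] \[pid (?P<pid>\d+)\] "
    r"(?:\((?P<errno>\d+)\)(?P<errtext>[^\[]*?): )?"
    r"\[client (?P<client>[\d.]+:\d+)\] (?P<code>AH\d{5}): (?P<msg>.*)"
)
BACKEND = re.compile(r"remote server (\S+)$")
URI = re.compile(r"returned by (\S+)$")

# Two failed requests copied from the Httpd2_error_log excerpt in the post.
SAMPLE = """\
[Mon Apr 02 12:44:32.179081 2018] [proxy_http:error] [pid 18072] (70007)The timeout specified has expired: [client 10.178.17.41:34140] AH01102: error reading status line from remote server 127.0.0.1:50277
[Mon Apr 02 12:44:32.179150 2018] [proxy:error] [pid 18072] [client 10.178.17.41:34140] AH00898: Error reading from remote server returned by /web_api/show-groups
[Mon Apr 02 13:04:37.578421 2018] [proxy_http:error] [pid 25356] (70007)The timeout specified has expired: [client 10.178.17.41:55488] AH01102: error reading status line from remote server 127.0.0.1:50277
[Mon Apr 02 13:04:37.578492 2018] [proxy:error] [pid 25356] [client 10.178.17.41:55488] AH00898: Error reading from remote server returned by /web_api/show-groups
"""

def correlate(log_text):
    """Pair each AH01102 backend read failure with the AH00898 line naming the URI."""
    pending, failures = {}, []
    for raw in log_text.splitlines():
        m = LINE.match(raw.strip())
        if not m:
            continue  # skip lines that do not follow the layout above
        key = (m["pid"], m["client"])  # same worker and client socket: same request
        if m["code"] == "AH01102":
            b = BACKEND.search(m["msg"])
            pending[key] = {"ts": m["ts"], "client": m["client"],
                            "backend": b.group(1) if b else None,
                            # 70007 is the errno the log prints with "timeout specified has expired"
                            "timed_out": m["errno"] == "70007"}
        elif m["code"] == "AH00898" and key in pending:
            u = URI.search(m["msg"])
            failures.append({**pending.pop(key), "uri": u.group(1) if u else None})
    return failures

def summarize(failures):
    """Count failures per (uri, backend, timed_out) so slow API commands stand out."""
    return Counter((f["uri"], f["backend"], f["timed_out"]) for f in failures)

if __name__ == "__main__":
    for (uri, backend, timed_out), n in summarize(correlate(SAMPLE)).items():
        print(f"{n} x {uri} -> {backend} timeout={timed_out}")
```
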
