This website uses Cookies. Click Accept to agree to our website's cookie use as described in our Privacy Policy. Click Preferences to customize your cookie settings.
Accept
Reject
Preferences
ABOUT CHECKMATES CYBER SECURITY COMMUNITY & FAQ
Create a Post
Help
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

Are you a member of CheckMates?

×
Sign in with your Check Point UserCenter/PartnerMap account to access more great content and get a chance to win some Apple AirPods! If you don't have an account, create one now for free!
ShadowNif
Contributor
‎2024-05-06 07:10 AM
Jump to solution

gaia GUI not reachable "failed to receive handshake, SSL/TLS connection failed"

Hello, 

after update to 81.20 Gaia Webui was accessible, all of a sudden and after a couple of days it is not accessible anymore. 
 
> show web ssl-port
web-ssl-port 443

2024-05-06 16_08_19-Window.png

2024-05-06 16_13_00-Window.png

0 Kudos
2 Solutions

Accepted Solutions
ShadowNif
Contributor
‎2024-05-07 12:42 AM
Jump to solution

For some odd reason, after restart the FW it did not work. 
So i tried AGAIN to change the port, and all of a sudden it works again. That was weird, and I could not really figure it out.
Now it works with a new port, but the question of why it stops to work on the default one. 
2024-05-07 09_48_27-lagadpsec01.png

View solution in original post

0 Kudos
emmap
Employee
Employee
‎2024-05-07 12:49 AM
In response to ShadowNif
Jump to solution

We have this article with a similar issue, suggests it's a cert problem. https://support.checkpoint.com/results/sk/sk115732

View solution in original post

0 Kudos
19 Replies
the_rock
Legend
Legend
‎2024-05-06 07:37 AM
Jump to solution

2 suggestions...try setting "though all interfaces", install policy

If that fails, try change port and make sure its allowed, as per below

Screenshot_1.png

Best, 

Andy

0 Kudos
ShadowNif
Contributor
‎2024-05-06 07:48 AM
In response to the_rock
Jump to solution

I already tried that, although i have a cluster over the appliances. but still did not work. 
I think it might be something with Cert. but don't know how to really check it out .

0 Kudos
the_rock
Legend
Legend
‎2024-05-06 07:49 AM
In response to ShadowNif
Jump to solution

Did you try another port?

Andy

0 Kudos
ShadowNif
Contributor
‎2024-05-06 07:55 AM
In response to the_rock
Jump to solution

yes that was the first suggestion in the first comment 

0 Kudos
the_rock
Legend
Legend
‎2024-05-06 08:00 AM
In response to ShadowNif
Jump to solution

So is port 443 now or custom? Can you send following -> clish -c "show web ssl-port"

Andy

0 Kudos
ShadowNif
Contributor
‎2024-05-06 08:15 AM
In response to the_rock
Jump to solution

it was 443 and change it to 4434 and nothing change

 

0 Kudos
the_rock
Legend
Legend
‎2024-05-06 08:27 AM
In response to ShadowNif
Jump to solution

K, so just to make sure I get the whole "picture" here...so nothing changed except fw was upgraded to R81.20? And then web UI worked for 2 days and all of a sudden it stopped?

Andy

0 Kudos
PhoneBoy
Admin
Admin
‎2024-05-06 10:37 AM
Jump to solution

Access the device via console, type "fw unloadlocal" and try again.
If this works, check the output of "cplic print" to see if you have a valid license.
If not, you'll need to generate a new evaluation license: https://community.checkpoint.com/t5/General-Topics/How-to-Request-an-Evaluation-License-for-Security... 

0 Kudos
the_rock
Legend
Legend
‎2024-05-06 12:21 PM
In response to PhoneBoy
Jump to solution

Its just a bit odd it worked for 2 days after the upgrade...I believe even with initial policy, web UI will work if its on port 443.

Andy

0 Kudos
PhoneBoy
Admin
Admin
‎2024-05-06 12:47 PM
In response to the_rock
Jump to solution

Right, but unloading the policy makes sure it's not the issue.

0 Kudos
the_rock
Legend
Legend
‎2024-05-06 12:48 PM
In response to PhoneBoy
Jump to solution

Thats true, worth a try.

0 Kudos
ShadowNif
Contributor
‎2024-05-06 09:42 PM
In response to PhoneBoy
Jump to solution

I already have a lice. why this should be an issue? The FWs and cluster working fine but I cannot access the ui. 

0 Kudos
ShadowNif
Contributor
‎2024-05-06 09:45 PM
In response to PhoneBoy
Jump to solution

I tried to unloadlocal policy and install policy again. did not work! Although as  i mentioned the firewalls working fine

0 Kudos
emmap
Employee
Employee
‎2024-05-06 10:11 PM
In response to ShadowNif
Jump to solution

You have the accessibility set to 'According to policy' - what rule are your inbound connections matching on? Is there anything useful in the FW logs?

0 Kudos
ShadowNif
Contributor
‎2024-05-06 11:45 PM
In response to emmap
Jump to solution

it is going through the management interface according to the FW logs. And it is all Green. The Rule is there and working fine. 
 also in the 
httpd2_error _log

Tue May 07 08:43:19.048654 2024] [mpm_prefork:notice] [pid 5804] AH00169: caught SIGTERM, shutting down
[Tue May 07 08:43:25.457517 2024] [mime_magic:error] [pid 2504] (2)No such file or directory: AH01515: mod_mime_magic: can't read magic file /web/conf/magic
[Tue May 07 08:43:25.481826 2024] [so:warn] [pid 2504] AH01574: module setenvif_module is already loaded, skipping
[Tue May 07 08:43:25.481847 2024] [so:warn] [pid 2504] AH01574: module headers_module is already loaded, skipping
[Tue May 07 08:43:25.484948 2024] [core:warn] [pid 2504] AH00117: Ignoring deprecated use of DefaultType in line 421 of /web/conf/httpd2.conf.
AH00558: httpd2: Could not reliably determine the server's fully qualified domain name, using 10.255.0.18. Set the 'ServerName' directive globally to suppress this message
[Tue May 07 08:43:25.485315 2024] [mime_magic:error] [pid 2504] (2)No such file or directory: AH01515: mod_mime_magic: can't read magic file /web/conf/magic
[Tue May 07 08:43:25.488953 2024] [mpm_prefork:notice] [pid 2504] AH00163: CPWS/2.4.55 (Unix) OpenSSL/1.1.1w configured -- resuming normal operations
[Tue May 07 08:43:25.488989 2024] [core:notice] [pid 2504] AH00094: Command line: '/web/cpshared/web/Apache/2.2.0/bin/httpd2 -f /web/conf/httpd2.conf -D FOREGROUND'
[Tue May 07 08:43:26.489827 2024] [:error] [pid 2507] [client 127.0.0.1:54482] libwrap/mod_hosts_access: connection refused from 127.0.0.1 to httpd@127.0.0.1

 

0 Kudos
emmap
Employee
Employee
‎2024-05-07 12:00 AM
In response to ShadowNif
Jump to solution

Maybe check through this SK and see if anything helps - https://support.checkpoint.com/results/sk/sk91380

0 Kudos
ShadowNif
Contributor
‎2024-05-07 12:05 AM
In response to emmap
Jump to solution

thnx but this is the first link that comes up when you google anything related to Gaia problem, so I went through it and thats why i posted the logs in my last answer

0 Kudos
ShadowNif
Contributor
‎2024-05-07 12:42 AM
Jump to solution

For some odd reason, after restart the FW it did not work. 
So i tried AGAIN to change the port, and all of a sudden it works again. That was weird, and I could not really figure it out.
Now it works with a new port, but the question of why it stops to work on the default one. 
2024-05-07 09_48_27-lagadpsec01.png

0 Kudos
emmap
Employee
Employee
‎2024-05-07 12:49 AM
In response to ShadowNif
Jump to solution

We have this article with a similar issue, suggests it's a cert problem. https://support.checkpoint.com/results/sk/sk115732

0 Kudos

Leaderboard

Epsum factorial non deposit quid pro quo hic escorol.

View All ≫
Upcoming Events

    Sort by:
    CheckMates Events