Create a Post
cancel
Showing results for 
Search instead for 
Did you mean: 
Matlu
Advisor

No WebUI or CLI access

Hello, everyone.

Merry Christmas.

I have a problem to be able to access by WebUI and CLI to my GW.
Having the problem of not being able to access by CLI, I cannot run diagnostic commands.

In the SmartConsole logs, you can see that initially the traffic to access the WebUI of the GW, matches with my explicit rule of the Firewall layer, but then automatically seems to match with another rule that says "Implied Rule", and I just can't access.

ER1.jpg

ER2.jpg

ER3.jpg

Does anyone know how to fix this error?

Regards.

0 Kudos
7 Replies
Danny
Champion Champion
Champion

I suggest to change the default SSL port 443 to a non-standard port, such as 4434.

image.png

What is your log showing for CLI connection attempts to CPGW?
Are you able to send script commands to CPGW from SmartConsole (right click on CPGW to run those)?

0 Kudos
Matlu
Advisor

Hello,

I have not worked with script to date, but it may be the best time to learn how to do it.

Could you point me to a script to validate your query? Please.

I understand that I can do this from the SmartConsole.
As I see the scripts from this manager, are supported since version R80.20.

Greetings.

0 Kudos
Chris_Atkinson
Employee Employee
Employee

Please review sk134872 and check the logs again after the changes.

Noting that you only permit a destination of internet in the layer. How does the logs look for the SSH traffic?

 

CCSM R77/R80/ELITE
0 Kudos
Matlu
Advisor

Hi Chris.

I have 2 layers.
1- Network layer.
2- APPC+URLF layer.

If you notice, the logs show me that the traffic matches with the explicit rule created in the network layer (attached image), but the problem is that after that, the traffic just starts to match with the "Implied" rule that as I see, belongs to the APPC+URLF layer.

ER4.jpg


I hope to be clear with my explanation and query.

Greetings.

0 Kudos
the_rock
Legend
Legend

Didnt you post about this recently and showed you had any any drop at the bottom of 2nd ordered layer? Apologies if that was someone else, but I am fairly certain it was indeed you. If so, please change that rule, as all traffic would be blocked.

0 Kudos
Chris_Atkinson
Employee Employee
Employee

As per your previous thread we're trying to help but you are not following directions about how layers work or providing the requested information.

Did you change the platform portal url port to start?

Afterwards do you see the same log / drop reasons for both SSH & Web UI access?

 

CCSM R77/R80/ELITE
0 Kudos
genisis__
Leader Leader
Leader

Please confirm the following, which may help:

- Did this ever work, if so, what's changed?

- Does SIC still work?

- Do you have LOM connectivity or any means to access the GW out-of-band?

- What version of CP are you running, including Jumbo?

0 Kudos

Leaderboard

Epsum factorial non deposit quid pro quo hic escorol.

Upcoming Events

    CheckMates Events