This website uses Cookies. Click Accept to agree to our website's cookie use as described in our Privacy Policy. Click Preferences to customize your cookie settings.
Accept
Reject
Preferences
ABOUT CHECKMATES CYBER SECURITY COMMUNITY & FAQ
Create a Post
Help
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

Are you a member of CheckMates?

×
Sign in with your Check Point UserCenter/PartnerMap account to access more great content and get a chance to win some Apple AirPods! If you don't have an account, create one now for free!
Matlu
MVP Silver
MVP Silver
‎2022-11-23 03:01 PM
Jump to solution

No access through WebUI and SSH in Standalone Deployment

Hello, team.


I currently have a standalone architecture, which is a R80.30 version, "mounted" on an OPEN SERVER.

I am having problems accessing my machine both via WebUI and SSH.

When I do Telnet tests, from my PC to the admin IP of my GW, it works as follows :

Telnet <IP GW> 443 -> YES IT WORKS (OPENS THE PORT)
Telnet <IP GW> 22 -> DOES NOT WORK (DOES NOT OPEN THE PORT)
PING <IP GW> -> NO RESPONSE
Tracert -d <IP GW> -> Lost on the fourth hop.

SSHWEBUI.jpg
WEBUI3.jpgSSHWEBUI2.jpg

Not having access with my SSH credentials or WebUI, I am limited in troubleshooting.

Any idea how to solve this problem, or what could be the cause?

Note: I do have access through SmartConsole R80.30, and the IP of my PC, is 10.61.45.237

Thanks for your comments.

 

0 Kudos
1 Solution

Accepted Solutions
Matlu
MVP Silver
MVP Silver
‎2022-11-23 04:12 PM
In response to Chris_Atkinson
Jump to solution

Problem Solved:

Hi, Chris.

I found the solution.

There was a bad documentation of the security policies that were created.

We made an edit to one of the security rules, allowing access to our IP, and this solved the error.

Thank you for your support.

Thanks for your support.

8)

 

View solution in original post

5 Replies
Chris_Atkinson
MVP Platinum CHKP MVP Platinum CHKP
MVP Platinum CHKP
‎2022-11-23 03:24 PM
Jump to solution

Regarding access to the Web UI have you reviewed sk134872 ?

What logs do you observe if any regarding SSH attempts?

CCSM R77/R80/ELITE
0 Kudos
Matlu
MVP Silver
MVP Silver
‎2022-11-23 03:49 PM
In response to Chris_Atkinson
Jump to solution

Hello,

Yes I have checked the SK mentioned.

In my case, the port to access the WebUI, is the default.
We have not modified anything.

The access was working fine, but suddenly it stopped working.

As we no longer have WEB or SSH access, it is difficult to perform TSHOOT, in this scenario.

Is it advisable to ask another colleague who has an administrator account on the computer to check my accesses?

In one of my pictures, I share a tracert to reach my GW, and you can see that the traffic stays on the 4th hop.
Can the equipment on the 4th hop be the cause of this problem of not having full access?

Regarding your question, when I make an attempt to connect via SSH, I see the following in the picture

SSHWEBUI4.jpg


Greetings.

0 Kudos
Chris_Atkinson
MVP Platinum CHKP MVP Platinum CHKP
MVP Platinum CHKP
‎2022-11-23 03:59 PM
In response to Matlu
Jump to solution

Currently the logs suggest the policy simply needs to be changed to allow the access.


Without additional context it's difficult to determine why this may have changed e.g.

- Where there any new blade activations performed recently?

- Where there any upgrades/hotfixes installed recently?

- Any other maintenance or policy clean-up performed?

CCSM R77/R80/ELITE
0 Kudos
Matlu
MVP Silver
MVP Silver
‎2022-11-23 04:12 PM
In response to Chris_Atkinson
Jump to solution

Problem Solved:

Hi, Chris.

I found the solution.

There was a bad documentation of the security policies that were created.

We made an edit to one of the security rules, allowing access to our IP, and this solved the error.

Thank you for your support.

Thanks for your support.

8)

 

the_rock
MVP Platinum
MVP Platinum
‎2022-11-23 04:41 PM
In response to Matlu
Jump to solution

Standalone config, always look for initial policy as well : - )

Best,
Andy
0 Kudos

Leaderboard

Epsum factorial non deposit quid pro quo hic escorol.

View All ≫
Upcoming Events

    CheckMates Events