Question

Cannot connect to Checkpoint locally, I can connect through the Dashbord.

Asked by: jmoreno8238

Hi I have an old Checkpoint setup (NG with application intelligence R55) that is both our firewall and our VPN. Now I can access it through the smart dashboard, but I can't connect to it through the terminal locally, nor can I connect to it through the browser (i.e. https://<IP Adderess, no explicit port>).

Also the VPN is not working if I could connect through the terminal and go into expert mode could at least look at the logs, but this is not the case.

The thing is that whenever I try to setup the Secure Client on a machine is not exchanging keys. It always hangs at "Gathering information" or something like that.

Thank You

This Question has been solved and asker verified All Experts Exchange premium technology solutions are available to subscription members.

Subscribe now for full access to Experts Exchange and get

Instant Access to this Solution

  • Plus...
  • 30 Day FREE access, no risk, no obligation
  • Collaborate with the world's top tech experts
  • Unlimited access to our exclusive solution database
  • Never be left without tech help again

Subscribe Now

Asked On
2008-11-07 at 07:11:45ID23885343
Tags

Checkpoint

,

Checkpoint NG with Application Intelligence

,

R55

Topics

Checkpoint Firewall

,

Virtual Private Networking (VPN)

Participating Experts
2
Points
250
Comments
14

Trusted by hundreds of thousands everyday for fast, accurate and reliable tech support.

  • "The time we save is the biggest benefit of Experts Exchange to Warner Bros. What could take multiple guys 2 hours or more each to find is accessed in around 15 minutes on Experts Exchange." Mike Kapnisakis, Warner Bros.
  • "Our team likes having a resource that is more secure than just using Google and most experts using this service really know their stuff. It's nice to look here first versus using Google." Dayna Sellner, Lockheed Martin
  • "Anytime that I've been stumped with a problem, 9 out of 10 times Experts Exchange has either the accepted solution or an open discussion of the potential solution to the problem." Kenny Red, eBay Inc.

See what Experts Exchange can do for you.

Got a question?

We've got the answer.

Experts Exchange has been collecting answers to technology questions since 1996…3 million and counting! If you have a question, chances are we already have your answer.

Screenshot of Experts Exchange Knowledgebase

Need individual assistance?

Our experts are ready to help.

If you can't find the exact answer you're looking for, ask our exclusive community of 50,000 experts. You’ll get a personalized answer from a trusted professional.

Screenshot of Experts Exchange Knowledgebase

Want to learn from the best?

Read articles from industry experts.

Thousands of free tech tips, tricks, how-to’s and tutorials are available in our peer reviewed articles section. See for yourself how smart our experts are, no login required.

Screenshot of an Article

Working on a long term project?

Store your work and research.

Save solutions to your questions, answers you’ve discovered through searching plus helpful articles in your personal knowledgebase for easy future access.

Screenshot of Experts Exchange Knowledgebase

Access the answers to your technology questions today.

Subscribe Now

30-day free trial. Register in 60 seconds.

What Makes Experts Exchange Unique?

Members of the expert community talk about why the experience at Experts Exchange is different than what you will find anywhere else.

Trusted by the world's most respected brands.

image of each brand's logo

Faithfully serving IT professionals since 1996.

Experts Exchange Logo

Try it out and discover for yourself.

Subscribe Now

30-day free trial. Register in 60 seconds.

Related Solutions

  1. Checkpoint FW1 Installation issues ..  NG to NG-AI R55
    We run Fw-1/VPN-1 SmallOffice. The Appliance is an Intrusion PDS2105 which is on NG FP2. The Management Station was on Windows 2000 Server NG FP3. The Management Station crashed. We reinstalled and upgraded to Windows 2003 Svr. NG FP3 does not support Win2k3 so we wa...
  2. checkpoint NG with AI VPN
    I have checkpoint NG with AI installed on a Nokia box running IPSO 3.7. I have a VPN setup with a local hospital that has a Cisco VPN concentrator 3000. My problem is this, actually there is 2 questions to this. 1st Question: currently I have a meshed VPN setup between my co...
  3. Checkpoint Express Gateway to Gateway IPSEC VPN
    I am attempting to configure Checkpoint Express Gateway to Gateway IPSEC VPN with the following parameters: - Both sites are using Checkpoint (Local: Checkpoint Express NG, remote: Checkpoint Firewall1/VPN1 4.1) - Remote Gateway must be configured as an Interoperable device ...
  4. Checkpoint NG FP3 Remote Subnet Issue
    We currently use Checkpoint NG FP3 for our firewall. I am having a problem with some remotes sites that cannot log into our domain or access the internet. Our remote site VPNs are not managed by us so check point is not controlling the VPN tunnels. From what my provider is te...
  5. Migrating Checkpoint 4.1 DES VPN to another version of …
    Hi! I have Checkpoint Firewall 4.1 DES VPN working on NT 4.0 SP6A, it works well, but have limited resources for new policies we want apply and has some vulnerabilityes and it is old, too. We are migratin NT4 to Windows 2003 Server and we want upgrade the Checkpoint Firewall ...

Free Tech Articles

  1. WARNING: 5 Reasons why you should NEVER fix a computer for free.
    It is in our nature to love the puzzle. We are obsessed. The lot of us. We love puzzles. We love the challenge. We thrive on finding the answer. We hate disarray. It bothers us deep in our soul. W...
  2. SCCM OSD Basic troubleshooting
    SCCM 2007 OSD is a fantastic way to deploy operating systems, however, like most things SCCM issues can sometimes be difficult to resolve due to the sheer volume of logs to sift through and the dispe...
  3. Migrate Small Business Server 2003 to Exchange 2010 and Windows 2008 R2
    This guide is intended to provide step by step instructions on how to migrate from Small Business Server 2003 to Windows 2008 R2 with Exchange 2010. For this migration to work you will need the fo...
  4. Create a Win7 Gadget
    This article shows you how to create a simple "Gadget" -- a sort of mini-application supported by Windows 7 and Vista. Gadgets can be dropped anywhere on the desktop to provide instant information, ...
  5. Outlook continually prompting for username and password
    There have been a lot of questions recently regarding Outlook prompting for a username and password whilst using Exchange 2007. There are a few reasons why this would happen and I will try to cover t...
  6. Backup Exchange 2010 Information Store using Windows Backup
    There seems to be quite a lot of confusion around the ability to backup Exchange 2010 using the built in Windows Backup feature. This stems from the omission of this feature prior to Exchange 2007 s...

Cloud Class Webinars

  1. Avoiding Bugs in Microsoft Access
    Alison Balter takes and in-depth look at avoiding bugs in Access. In this webinar you will learn about using the immediate window to debug your applications, invoking the debugger, using breakpoints to troubleshoot, stepping through code, setting the next statement to execute, ...
  2. Top 10 Best New Features in Visio 2010
    Scott Helmers gives live demonstrations of the top 10 new features in Visio 2010. This webinar will teach you how to create compelling diagrams by adding shapes to the page with a single click, linking the shapes in a diagram to data in Excel (or SQL Server, or SharePoint), ...
  3. IT Consultant Business Secrets Revealed
    Michael Munger, Experts Exchange tech pro and IT consultant, pulls back the curtain on his very successful businesses and answers question on every IT consultant and business owner should know about. He shares secrets on what he did to solve the 5 most common problems in IT, ...
  4. Disaster Recovery and Business Continuity
    Quest CTO, Mike Billon, gives an overview of the steps involved in building a dunamic disaster recovery plan. Through case studies and an examination of software/hardware tooles for monitoring and testing, you'll gain a better understandin of where you are, where you want ...
  5. Organize Your Visio Diagrams with Containers and Lists
    Scott Helmers uses cross functional flowcharts, wireframe diagrams, data graphic legends and seating charts to teach you: how to ustilize all three new structured diagram components in Visio 2010, the best practices for organizeing shapes in previous version of Visio, how to organize ...
  6. How to Us Objects, Properties, Events and Methods in Microsoft Access
    Alison Dalter gives an in-depbth look at objects, properties, events and methods in Microsoft Access. In this webinar you will learn about using the object browser, referring to objects, working with properties and methods, working with object variables, understanding the ...

Join the Community

Give a Little. Get a Lot.

Join the community of experts here and help other tech pros by answering question in your area of expertise. You can earn FREE access to all Experts Exchange's premium features and resources.

Join the Community

Answers

 

by: grimkinPosted on 2008-11-07 at 07:17:09ID: 22905090

Hi,

When you say locally, do you mean you are conected with a console cable into the console port? If this is not working try another cable and use Putty as a terminal program. If you mean that it wont let you in via SSH then you need to check that there are no rules in Dashboard preventing you from connecting; let us know how you get on.

 

by: jmoreno8238Posted on 2008-11-07 at 19:12:39ID: 22910563

When I say locally it's that the software is installed on an IBM workstation so I'm trying to connect directly with the keyboard, mouse and monitor. So no console port in my case.

 

by: yuriskPosted on 2008-11-07 at 22:55:31ID: 22911210

And what do you mean you cant access locally ?
- You dont get CLI prompt , or it doesnt accept the password . ?
What do you see on the monitor of the server when you restart or press some key on the keyboard ?

 

by: grimkinPosted on 2008-11-08 at 07:10:23ID: 22912700

Checkpoint is made up of the management server and the enforcement module - this can be all installed on one machine (standalone) or the server and enforcement module can be different machines (distributed) - can you confirm which of these you have?

If this is distributed and your management server is running on windows then there is no web interface to access.

Can you also confirm which platform(s) they are running on and which operating systems?

 

by: jmoreno8238Posted on 2008-11-08 at 17:07:34ID: 22914591

I can't login. The Checkpoint doesn't accept my user and password.

The Screen I see says:

Checkpoint NG with Application Intelligence R55
... you can also access the administration module at through your browser at
https:<checkpoints ip address>

Login: _

(Sorry I'm not at the office right now so I can't really see the specific text, but you get the idea)

For example lets say that I use the following credential to access the checkpoint through the Smart Dashboard

U: admin
P: something1
(This can be done through one specific IP address)

But whenever I go to the server I use the same user and I get invalid credentials or something similar.

Also if I try the same user with the password for expert mode I get invalid credentials as well
and I know that I've accessed this server before.

Maybe something expired...

I don't know about the "management server and the enforcement module" but there is a web interface.
However for VPN connection we always use either the Secure Remote or the Secure Client.

It's running on linux. Whenever I used to access the expert mode what I got was a bash shell. I don't remember which distro though.

I hope that I was able to answer all of you questions.

 

by: grimkinPosted on 2008-11-09 at 08:44:12ID: 22916839

Ok,

Firstly the username and password for dashboard are not the same as for when you are accessing the server directly - for this you need the operating system username / pass which was set when the system was first set up.

By the sounds of it you are using SecurePlatform (SPlat) and the expert mode password can only be used once you have logged in to the default shell (cpshell) unless you specifically changed this previously.

However, if you know the expert password you may be able to log in if you remember your expert password: Reboot and press a key to see the boot menu - choose "Start in maintenance mode" and you will be asked for your expert password. This should log you in to single user mode with a # prompt where you can type "passwd" and enter a new password - this should reset both normal and expert user.

 

by: jmoreno8238Posted on 2008-11-09 at 14:10:52ID: 22917961

Oh ok .

Does checkpoint run under root or should it be another user?

 

by: grimkinPosted on 2008-11-09 at 14:22:50ID: 22918014

The admin user has the same privileges as root.

 

by: jmoreno8238Posted on 2008-11-09 at 14:29:09ID: 22918034

So could the user for accessing checkpoint be admin also, and just a different password?

 

by: grimkinPosted on 2008-11-10 at 03:08:43ID: 22920457

The user for accessing the console is always "admin", the user for accessing dashboard is flexible and usually defined when the SmartCenter is first set up although it can be changed via cpconfig. Yes, this could also be admin but with a different password.

Note: Other fw administrators can be defined and edited through the dashboard users tab but not the one which is defined through cpconfig.

The thing to bear in mind is that the admin user for the console and the admin user for dashboard are 2 different and separate accounts.

 

by: grimkinPosted on 2008-11-10 at 03:11:11ID: 22920465

Also meant to say that if you cannot access the web interface then there is most likely a firewall rule restricting this. Typically access to the gateway is restricted to specific admin workstation IP addresses.

 

by: jmoreno8238Posted on 2008-11-10 at 09:25:57ID: 22923526

Perfect! Thanks for the great explanation I'm a little new to checkpoint.
I think that I have an idea of what would the other password be.

Do you have any idea as to what could cause the checkpoint's VPN suddenly stop working?

One thing I know is that nobody has modified the configuration, unless somebody hacked it!...

This firewall was reinstalled earlier this year and the guy didn't even leave any license information,
but I wasn't in charge of supervising him or anything. I'm fearing that it might be a licensing issue, and
maybe checkpoint has some sort of tool to verify that.

Thank you

 

by: grimkinPosted on 2008-11-10 at 09:46:01ID: 22923698

No worries!

It's probably not a licensing issue as the maximum eval license time is 30 days after which everything would stop working - the fact that you can log into dashboard means that your license is ok - the details of it can be viewed in SmartUpdate under the licensing tab.

As regards the VPNs, I would make sure that you can get logged in and all of that is working, then open another question as it is a different problem than the one you opened this question with. Once you're sorted here then we can debug the VPN issue.

HTH

 

by: jmoreno8238Posted on 2008-11-10 at 09:48:12ID: 22923726

Ok thank you

20120131-EE-VQP-002

3 Ways to Join

30-Day Free Trial

The Experts

98% positive feedback on 31,087 answers since March 2000. angeliii is a Microsoft Most Valuable Professional for his work with MS SQL Server & Develoment.

He has also proven his knowledge of Visual Basic Programming, PHP Scripting and Oracle Databases.

The Experts

97% positive feedback on 10,752 answers since July 2000. lrmoore has more than 18 years experience in the networking industry.

The six-time Mircosoft MVPs specialties include firewalls, virtual private networking, and network management.

Testimonials

"...and excellent source for support... Kind of like having your very own IT dept." Electriciansnet

Testimonials

"I was apprehensive at signing up at first. However... it has already made my life as an IT administrator much easier." JaCrews

Testimonials

"WOW! You guys have great, active, and knowledgeable people on here." moore50

Business Clients

Business Clients

In the Press

"If you’ve got a question... Experts Exchange can supply an answer.”

In the Press

"...an invaluable aid for both IT professionals and those who require tech support."

In the Press

"where IT professionals provide quick answers on just about any topic"

Business Account Plans

Loading Advertisement...