Re: [FW-1]

[mike [Permanent Link]]

Are you using Smartdashboard to login or are you trying to log in via a web
browser?

If you are trying to log in via a web browser check the file
/etc/sysconfig/webgui_clients to see if the machine you want to use is in
that file.

If you are trying to log in via Smartdashboard check the file
/etc/fw/conf/gui-clients and make sure the ip is in that file.  If it isn't
add it and push the fw policy.  You can push the policy with 'fw stat' to
get the policy name and 'fw load <policy_name>'.



At 02:19 PM 5/24/2004 -0500, you wrote:

> I am reading the document Getting started NG FP3 and it is talking about
> adding smart clients so that they can access the FW w/ a gui, but the doc
> does not tell you what smart center app you are suppose to use to do this.
>
>
>
> Here is the excerpt from the doc:
>
> To Add a SMART clients
>
>
>
> Enter the SMART clients's name and click on Add to add it to the list of
> allowed
>
> SMART clients. You can add SMART clients using any of the following formats
>
> . IP address (For example 1.2.3.4).
>
> . Machine name (For example Alice, or Alice.checkpoint.com).
>
> . Any (Any IP without restriction).
>
> . IP1-IP2 (A range of addresses. For example 1.2.3.4-1.2.3.40).
>
> . Wild cards (For example 192.140.150.* or *.checkpoint.com).
>
> The connection between the SMART clients and the SmartCenter Server is
> enabled in
>
> SmartCenter by checking the Accept VPN-1 & FireWall-1 control connections
> property in
>
> the FireWall-1 Implied Rules page of the Global Properties window.
>
> If the connection between the SMART clients and the SmartCenter Server
> passes
>
> through a VPN/FireWall Module, then the Security Policy must be re-installed
> on the
>
> VPN/FireWall Module so that the newly added SMART clients can connect to the
>
> SmartCenter Server.
>
> To Remove a SMART clients
>
>
>
> To remove a SMART clients from the allowed list, select it and click on
> Remove.
>
> Note - When specifying SMART clients using any formats OTHER THAN the IP
> address, you
>
> must add an explicit rule in the Rule Base allowing the SMART clients to
> connect to the
>
> SmartCenter Server. For example:
>
> Source-Network Address Range, Destination-SmartCenter Server, Service-CPMI,
>
> Action-Accept.
>
> If specifying a SMART clients using a single IP address or machine name, an
> explicit rule
>
> is not required.
>
>
>
> Should this be done in Dashboard if so where?  I can not find where you can
> do this from.
>
>
>
> -----Original Message-----
> From: Mailing list for discussion of Firewall-1
> [mailto:FW-1-MAILINGLIST AT AMADEUS.US.CHECKPOINT DOT COM] On Behalf Of Figaro,
> Nicolas
> Sent: Friday, May 21, 2004 10:49 AM
> To: FW-1-MAILINGLIST AT AMADEUS.US.CHECKPOINT DOT COM
> Subject: Re: [FW-1]
>
>
>
> Hi,
>
>
>
> Did you check that your management GUI was allowed to connect to your
>
> server using the checkpoint gui port ??
>
> ( check in your log files ).
>
>
>
> You don't have to reboot when you change the GUI list.
>
>
>
> NF
>
>
>
> > -----Original Message-----
>
> > From: Mike Blanco [mailto:michael.blanco AT ATOSORIGIN DOT COM]
>
> > Sent: Friday, May 21, 2004 4:55 PM
>
> > To: FW-1-MAILINGLIST AT AMADEUS.US.CHECKPOINT DOT COM
>
> > Subject: [FW-1]
>
> >
>
> > I have added multiple ip addresses as management consoles on
>
> > my Secure Platform machine
>
> >
>
> >
>
> >
>
> > Example:
>
> >
>
> >
>
> >
>
> > 192.168.1.5
>
> >
>
> > 192.168.1.3
>
> >
>
> >
>
> >
>
> > For some reason the only one that I can ever login in with is
>
> > the one that I used the very first time after I did the
>
> > install of Secure Platform.  So the way I logged in the first
>
> > time was to open up a IE browser
>
> > https:192.168.1.253 and go through the setup wizard.  Then
>
> > when I want to add more management consoles I do with
>
> > cpconfig and then I will reboot the secure platform and try
>
> > to login from the new machine but with no luck.  Is there
>
> > something else that I should be looking for here?  Any help
>
> > is greatly appreciated as I am a newbie to checkpoint.
>
> >
>
> >
>
> >
>
> > Thanks
>
> >
>
> >
>
> >
>
> > MB
>
> >
>
> >
>
> >
>
> >
>
> > =================================================
>
> > To set vacation, Out-Of-Office, or away messages, send an
>
> > email to LISTSERV AT amadeus.us.checkpoint DOT com
>
> > in the BODY of the email add:
>
> > set fw-1-mailinglist nomail
>
> > =================================================
>
> > To unsubscribe from this mailing list,
>
> > please see the instructions at
>
> > http://www.checkpoint.com/services/mailing.html
>
> > =================================================
>
> > If you have any questions on how to change your subscription
>
> > options, email fw-1-owner AT ts.checkpoint DOT com
>
> > =================================================
>
> >
>
> >
>
>
>
> =================================================
>
> To set vacation, Out-Of-Office, or away messages,
>
> send an email to LISTSERV AT amadeus.us.checkpoint DOT com
>
> in the BODY of the email add:
>
> set fw-1-mailinglist nomail
>
> =================================================
>
> To unsubscribe from this mailing list,
>
> please see the instructions at
>
> http://www.checkpoint.com/services/mailing.html
>
> =================================================
>
> If you have any questions on how to change your
>
> subscription options, email
>
> fw-1-owner AT ts.checkpoint DOT com
>
> =================================================
>
>
> =================================================
> To set vacation, Out-Of-Office, or away messages,
> send an email to LISTSERV AT amadeus.us.checkpoint DOT com
> in the BODY of the email add:
> set fw-1-mailinglist nomail
> =================================================
> To unsubscribe from this mailing list,
> please see the instructions at
> http://www.checkpoint.com/services/mailing.html
> =================================================
> If you have any questions on how to change your
> subscription options, email
> fw-1-owner AT ts.checkpoint DOT com
> =================================================
---------------------------------------------------------------------
www.webfargo.com
CCDA   CCNA   CCSA   CCSE   MCP+I   MCSE
PGP key available

=================================================
To set vacation, Out-Of-Office, or away messages,
send an email to LISTSERV AT amadeus.us.checkpoint DOT com
in the BODY of the email add:
set fw-1-mailinglist nomail
=================================================
To unsubscribe from this mailing list,
please see the instructions at
http://www.checkpoint.com/services/mailing.html
=================================================
If you have any questions on how to change your
subscription options, email
fw-1-owner AT ts.checkpoint DOT com
=================================================