Articles

Showing posts from 2012

R75 ICA management tool unreachable

Issue: unable to connect to the ICA management tool over HTTPS.
Check the log file $FWDIR/log/cpca.elg for the message: "unable to get ssl params : no such file or directory"
Try to connect using HTTP only:
$ cpca_client set_mgmt_tool off
$ cpca_client set_mgmt_tool on -no_ssl
If you can connect, then do the following in the CLI:
 - cpconfig
 - menu 6 : Certificate Authority
 - Do you want to change it (y/n) [n] ? y
 - Please enter the name of this Internal CA: <your_ICA_name> (e.g. Smartcenter.intranet.test)
 - Are you sure you want to change the Internal CA name (y/n) [n] ? y
 - exit cpconfig
 - run: cpstop && cpstart
Now try to connect to https://<your-smartcenter-ip>:18265. It should work fine!
Note: the CA will remain the same; there is no impact on certificates.

scp to checkpoint SPLAT

When you SCP to a Checkpoint SPLAT firewall and get the error "lost connection", this is what you may see.
To activate scp file transfer with a CheckPoint SPLAT

[fw] scp cpinfo.tgz admin@192.168.1.1:
The authenticity of host 'xx.xx.xx.xx (xx.xx.xx.xx)' can't be established.
RSA key fingerprint is 33:ff:72:0d:d6:57:53:16:d6:60:da:7e:f8:61:71:a8.
Are you sure you want to continue connecting (yes/no)? yes
Warning: Permanently added 'xx.xx.xx.xx' (RSA) to the list of known hosts.
admin@xx.xx.xx.xx's password:
lost connection

To resolve this, do the following:
1. Change the admin shell from /bin/cpshell to /bin/bash:
chsh admin
Changing shell for admin.
New shell [/bin/cpshell]:/bin/bash
Shell changed.
==> this will allow you to use WinSCP
2. Create a new file: touch /etc/scpusers
3. Edit the file and add the users you want to allow for scp:
echo admin >> /etc/scpusers
result:
cat /etc/scpusers
admin
4. Restart the ssh service:
service sshd restart
==> this will allow you to use scp
5. SCP to Checkpoint SPLAT Under Wi…
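
Added example (not part of the original post): a shell check that reports, for each name in /etc/scpusers, whether the account exists and whether its login shell is /bin/bash, i.e. whether steps 1 and 3 above are both in place for that user. The function name scp_audit, the status labels and the sample accounts are assumptions made for illustration.

```sh
#!/bin/sh
# scp_audit [passwd_file] [scpusers_file]
# Prints one line per scpusers entry: "<user> <shell> <status>"
#   ready          - listed (step 3) and login shell is /bin/bash (step 1)
#   shell-not-bash - listed, but the login shell was not changed to /bin/bash
#   no-account     - listed, but there is no such account in the passwd file
# Returns 2 if either input file is missing or unusable.
scp_audit() {
    passwd_file=${1:-/etc/passwd}
    scpusers_file=${2:-/etc/scpusers}
    [ -r "$scpusers_file" ] && [ -s "$passwd_file" ] || {
        echo "scp_audit: cannot read $scpusers_file or $passwd_file" >&2
        return 2
    }
    awk -F: '
        # First file (passwd): remember each account and its login shell.
        NR == FNR { seen[$1] = 1; shell[$1] = $7; next }
        # Second file (scpusers): one user name per line.
        { gsub(/[ \t\r]/, "") }          # tolerate stray whitespace / CRLF
        $0 == "" { next }                # skip blank lines
        !seen[$0] { print $0, "-", "no-account"; next }
        shell[$0] == "/bin/bash" { print $0, shell[$0], "ready"; next }
        { print $0, shell[$0], "shell-not-bash" }
    ' "$passwd_file" "$scpusers_file"
}

# Constructed sample data (not taken from a real system).
tmp=$(mktemp -d)
printf '%s\n' 'admin:x:0:0::/home/admin:/bin/bash' \
              'audit:x:101:100::/home/audit:/bin/cpshell' > "$tmp/passwd"
printf '%s\n' admin audit ghost > "$tmp/scpusers"
scp_audit "$tmp/passwd" "$tmp/scpusers"
rm -rf "$tmp"
```

On the firewall itself, run scp_audit with no arguments to read /etc/passwd and /etc/scpusers; this lets you review which accounts have been moved out of the restricted /bin/cpshell and listed for scp.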