Solution ID: sk12120 Average Rating: Error: “connection cannot be initiated, make sure server is up and running” Product: SmartView Tracker, SmartDashboard Version: NGX R60, NGX R61, NGX R62, NG AI, NG, NGX R65 Last Modified: 12-十二月-2007 Symptoms SmartDashboard is unable to connect to the SmartCenter server. Error message is displayed when attempting to login to the SmartDashboard. Error: “Check Point Management Client”. Error: “Connection cannot be initiated.” Error: “Make sure that the Server ” is up and running.” Error message is seen in the $FWDIR/log/fwm.elg file on the SmartCenter server. Error: “Login Failed: is not allowed for remote login”. Issuing cpstop / cpstart on the SmartCenter server does not address the problem.
Select Start > Programs > Check Point Management Clients > Check Point Configuration NG. In the Check Point Configuration Tool dialog box, select the GUI Clients tab. Enter the IP address of the GUI Client (ie. 192.168.2.100) in the Remote hostname field. By clicking on the 'download' button, you expressly agree to be bound by the terms and conditions of this download agreement. This Software Download Agreement (“Agreement”) is between you (either as an individual or company) and Check Point Software Technologies Ltd. ('Check Point'), for the software and documentation provided by this.
Cause The SmartDashboard machine’s IP address has not been entered successfully with the cpconfig utility. Solution This solution addresses the following situations: GUI client is not properly registered under cpconfig (in SmartCenter Server). TCP 18190 is blocked/filtered between the GUI client and SmartCenter Server. The firewall itself (on the SmartCenter Server) is blocking GUI client connections.
This solution does not address situations where the GUI client is on the same machine as the SmartCenter Server. To enter the SmartDashboard machine’s IP address using the cpconfig utility, proceed as follows: SOLARIS, IPSO, SPLAT and Linux On the SmartCenter server Issue the cpconfig command.
Use the cpconfig utility in the following way (in this example the SmartDashboard machine’s IP address is 192.168.2.100): —————————————- # cpconfig This program will let you re-configure your VPN-1 & FireWall-1 configuration. Configuration Options: ———————- (1) Licenses (2) Administrators (3) GUI clients (4) SNMP Extension (5) Groups (6) PKCS#11 Token (7) Random Pool (8) Certificate Authority (9) Certificate’s Fingerprint (10) Automatic start of Check Point Products (11) Exit Enter your choice (1-11):3 Configuring GUI clients GUI clients are trusted hosts from which Administrators are allowed to log on to the SmartCenter server using Windows/X-Motif GUI. Do you want to Create a new list, Add or Delete one?: a Enter resolvable host name or an IP: 192.168.2.100 192.168.2.100 will be added as a GUI client.
Are you sure? Y 192.168.2.100 was added successfully! Do you want to add another one? N Configuration Options: ———————- (1) Licenses (2) Administrators (3) GUI clients (4) SNMP Extension (5) Groups (6) PKCS#11 Token (7) Random Pool (8) Certificate Authority (9) Certificate’s Fingerprint (10) Automatic start of Check Point Products (11) Exit Enter your choice (1-11):11 Thank You # —————————————- Login with the GUI Client. WINDOWS On the SmartCenter server (for Windows NT / 2000) Select Start Programs Check Point Management Clients Check Point Configuration NG. In the Check Point Configuration Tool dialog box, select the GUI Clients tab. Enter the IP address of the GUI Client (ie.
192.168.2.100) in the Remote hostname field. Click on the “Add -” button Click on OK in the Check Point Configuration Tool window.
Note: If procedures above do not resolve the GUI client being unable to successfully connect to the SmartCenter server, verify the TCP port 18190 is not filtered or blocked between the GUI client and the SmartCenter server. On the FireWall-1 NG Policy Editor, TCP port 18190 is a pre-defined service called CPMI (Check Point Management Interface). If a firewall module is filtering or blocking the CPMI (Check Point Management Interface) service between the GUI client and SmartCenter server, a rule similar to the following example may need to be added: SOURCE: GUIclient (GUI client machine) DESTINATION: SmartCenter server (SmartCenter server) SERVICE: CPMI (TCP port 18190) ACTION: accept TRACK: Log In addition to allowing the CPMI (Check Point Management Interface) service between the GUI client and SmartCenter server, verify “Accept VPN-1 & FireWall-1 control connections” is enabled in Global Properties. Since the firewall module on the SmartCenter server itself is filtering or blocking the CPMI (Check Point Management Interface) service in this case, it may be necessary to uninstall the current security policy before a new policy can be installed. This can be done with the following procedure:On the security gateway, issue the command fwm unload localhost.
Once the security policy is uninstalled from the security gateway, on the SmartCenter server, “Accept VPN-1 & FireWall-1 control connections” can be enabled by the following procedures: On the SmartDashboard Select Policy Global Properties. In Global Properties dialog box, select FireWall-1 from the left pane. In FireWall-1 Implied Rules properties, enable “Accept VPN-1 & FireWall-1 control connections”. Click OK in Global Properties dialog box. Install security policy. If the “Accept VPN-1 & FireWall-1 control connections” check box needs to be unchecked in the Global Properties, the CPMI (Check Point Management Interface) service can be allowed between the GUI client and SmartCenter server by an explicitly defined rule in the rulebase. A rule similar to the following example will allow the CPMI (Check Point Management Interface) service between the GUI client and the SmartCenter server: SOURCE: GUIclient (GUI client machine) DESTINATION: SmartCenter server (SmartCenter server) SERVICE: CPMI (TCP port 18190) ACTION: accept TRACK: Log.
Note: If after running a ‘log switch’ you are unable to log in, follow this procedure: Reboot your SmartCenter server. When prompted to approve the new fingerprint – Approve. SmartDashboard should now open successfully.
![]()
Solution ID: sk12120 Average Rating: Error: “connection cannot be initiated, make sure server is up and running” Product: SmartView Tracker, SmartDashboard Version: NGX R60, NGX R61, NGX R62, NG AI, NG, NGX R65 Last Modified: 12-十二月-2007 Symptoms SmartDashboard is unable to connect to the SmartCenter server. Error message is displayed when attempting to login to the SmartDashboard. Error: “Check Point Management Client”. Error: “Connection cannot be initiated.” Error: “Make sure that the Server ” is up and running.” Error message is seen in the $FWDIR/log/fwm.elg file on the SmartCenter server. Error: “Login Failed: is not allowed for remote login”.
Issuing cpstop / cpstart on the SmartCenter server does not address the problem. Cause The SmartDashboard machine’s IP address has not been entered successfully with the cpconfig utility. Solution This solution addresses the following situations: GUI client is not properly registered under cpconfig (in SmartCenter Server).
TCP 18190 is blocked/filtered between the GUI client and SmartCenter Server. The firewall itself (on the SmartCenter Server) is blocking GUI client connections. This solution does not address situations where the GUI client is on the same machine as the SmartCenter Server. To enter the SmartDashboard machine’s IP address using the cpconfig utility, proceed as follows: SOLARIS, IPSO, SPLAT and Linux On the SmartCenter server Issue the cpconfig command.
Use the cpconfig utility in the following way (in this example the SmartDashboard machine’s IP address is 192.168.2.100): —————————————- # cpconfig This program will let you re-configure your VPN-1 & FireWall-1 configuration. Configuration Options: ———————- (1) Licenses (2) Administrators (3) GUI clients (4) SNMP Extension (5) Groups (6) PKCS#11 Token (7) Random Pool (8) Certificate Authority (9) Certificate’s Fingerprint (10) Automatic start of Check Point Products (11) Exit Enter your choice (1-11):3 Configuring GUI clients GUI clients are trusted hosts from which Administrators are allowed to log on to the SmartCenter server using Windows/X-Motif GUI. Do you want to Create a new list, Add or Delete one?: a Enter resolvable host name or an IP: 192.168.2.100 192.168.2.100 will be added as a GUI client. Are you sure? Y 192.168.2.100 was added successfully! Do you want to add another one?
N Configuration Options: ———————- (1) Licenses (2) Administrators (3) GUI clients (4) SNMP Extension (5) Groups (6) PKCS#11 Token (7) Random Pool (8) Certificate Authority (9) Certificate’s Fingerprint (10) Automatic start of Check Point Products (11) Exit Enter your choice (1-11):11 Thank You # —————————————- Login with the GUI Client. WINDOWS On the SmartCenter server (for Windows NT / 2000) Select Start Programs Check Point Management Clients Check Point Configuration NG. In the Check Point Configuration Tool dialog box, select the GUI Clients tab. Enter the IP address of the GUI Client (ie. 192.168.2.100) in the Remote hostname field. Click on the “Add -” button Click on OK in the Check Point Configuration Tool window.
Note: If procedures above do not resolve the GUI client being unable to successfully connect to the SmartCenter server, verify the TCP port 18190 is not filtered or blocked between the GUI client and the SmartCenter server. On the FireWall-1 NG Policy Editor, TCP port 18190 is a pre-defined service called CPMI (Check Point Management Interface).
If a firewall module is filtering or blocking the CPMI (Check Point Management Interface) service between the GUI client and SmartCenter server, a rule similar to the following example may need to be added: SOURCE: GUIclient (GUI client machine) DESTINATION: SmartCenter server (SmartCenter server) SERVICE: CPMI (TCP port 18190) ACTION: accept TRACK: Log In addition to allowing the CPMI (Check Point Management Interface) service between the GUI client and SmartCenter server, verify “Accept VPN-1 & FireWall-1 control connections” is enabled in Global Properties. Since the firewall module on the SmartCenter server itself is filtering or blocking the CPMI (Check Point Management Interface) service in this case, it may be necessary to uninstall the current security policy before a new policy can be installed. This can be done with the following procedure:On the security gateway, issue the command fwm unload localhost.
Once the security policy is uninstalled from the security gateway, on the SmartCenter server, “Accept VPN-1 & FireWall-1 control connections” can be enabled by the following procedures: On the SmartDashboard Select Policy Global Properties. In Global Properties dialog box, select FireWall-1 from the left pane. In FireWall-1 Implied Rules properties, enable “Accept VPN-1 & FireWall-1 control connections”. Click OK in Global Properties dialog box. Install security policy. If the “Accept VPN-1 & FireWall-1 control connections” check box needs to be unchecked in the Global Properties, the CPMI (Check Point Management Interface) service can be allowed between the GUI client and SmartCenter server by an explicitly defined rule in the rulebase.
![]()
A rule similar to the following example will allow the CPMI (Check Point Management Interface) service between the GUI client and the SmartCenter server: SOURCE: GUIclient (GUI client machine) DESTINATION: SmartCenter server (SmartCenter server) SERVICE: CPMI (TCP port 18190) ACTION: accept TRACK: Log. Note: If after running a ‘log switch’ you are unable to log in, follow this procedure: Reboot your SmartCenter server. When prompted to approve the new fingerprint – Approve.
SmartDashboard should now open successfully.
Comments are closed.
|
Details
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |