Articles

Showing posts from 2012

R75 ICA management tool unreachable

Issue: unable to connect to the ICA management tool using HTTPS.

Check the log file $FWDIR/log/cpca.elg:

    >> "unable to get ssl params : no such file or directory" <<

Try to connect using HTTP only:

    $ cpca_client set_mgmt_tool off
    $ cpca_client set_mgmt_tool on -no_ssl

If you can connect, then do the following in the CLI:

 - cpconfig
 - menu 6 : Certificate Authority
 - Do you want to change it (y/n) [n] ? y
 - Please enter the name of this Internal CA: <your_ICA_name> (e.g. Smartcenter.intranet.test)
 - Are you sure you want to change the Internal CA name (y/n) [n] ? y
 - exit cpconfig
 - run: cpstop && cpstart

Now try to connect to https://<your-smartcenter-ip>:18265

It should work fine!

Note: the CA will remain the same; there is no impact on certificates.

scp to checkpoint SPLAT

When you SCP to a Check Point SPLAT firewall and get the error "lost connection", this is what you may see:

    [fw] scp cpinfo.tgz  admin@192.168.1.1:
    The authenticity of host 'xx.xx.xx.xx (xx.xx.xx.xx)' can't be established.
    RSA key fingerprint is 33:ff:72:0d:d6:57:53:16:d6:60:da:7e:f8:61:71:a8.
    Are you sure you want to continue connecting (yes/no)? yes
    Warning: Permanently added 'xx.xx.xx.xx' (RSA) to the list of known hosts.
    admin@xx.xx.xx.xx's  password:
    lost connection

To resolve this and activate scp file transfer on a Check Point SPLAT, do the following:

1. Change the admin shell from /bin/cpshell to /bin/bash:

    chsh admin
    Changing shell for admin.
    New shell [/bin/cpshell]: /bin/bash
    Shell changed.

   ==> this will allow you to use WinSCP

2. Create a new file:

    touch /etc/scpusers

3. Edit the file and add the users you want to allow for scp:

    echo admin >> /etc/scpusers

   Result:

    cat /etc/scpusers
    admin

4. Restart the ssh service:

    service sshd restart
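A check for the two conditions this procedure sets up, added here as an example (not part of the original post): the account's login shell is no longer /bin/cpshell, and the account is listed in /etc/scpusers. The function names and verdict labels are this example's own; the two file paths can be overridden to run it against copies.

```shell
#!/bin/sh
# Added example: checks the two conditions the steps above set up.
# Paths are the ones named on the page; override both variables to test offline.
PASSWD_FILE="${PASSWD_FILE:-/etc/passwd}"
SCPUSERS_FILE="${SCPUSERS_FILE:-/etc/scpusers}"

# Print the login shell (7th passwd field) of user $1; fail if no such account.
login_shell() {
    awk -F: -v u="$1" '$1 == u { print $7; found = 1; exit }
        END { if (!found) exit 1 }' "$PASSWD_FILE"
}

# Succeed only if user $1 appears as a whole line in the scp allow-list.
in_scpusers() {
    [ -r "$SCPUSERS_FILE" ] && grep -qxF -- "$1" "$SCPUSERS_FILE"
}

# Print a verdict for user $1 (labels are this example's own):
#   ok | no-user | cpshell | not-listed
scp_status() {
    user_shell=$(login_shell "$1") || { echo no-user; return 1; }
    if [ "$user_shell" = /bin/cpshell ]; then echo cpshell; return 1; fi
    if ! in_scpusers "$1"; then echo not-listed; return 1; fi
    echo ok
}

# Print "<user> <verdict>" for every allow-list entry, to review who can copy files.
audit_scpusers() {
    [ -r "$SCPUSERS_FILE" ] || return 0
    while IFS= read -r entry || [ -n "$entry" ]; do
        [ -n "$entry" ] && printf '%s %s\n' "$entry" "$(scp_status "$entry")"
    done < "$SCPUSERS_FILE"
    return 0
}

# Stand-alone use: pass a user name, or no argument to audit the whole list.
if [ "$#" -gt 0 ]; then scp_status "$1" || true; else audit_scpusers; fi
```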