Management Portal

In This Section:

Overview of Management Portal

Deploying the Management Portal on a Dedicated Server

Deploying the Management Portal on the Security Management

Management Portal Commands

Limiting Access to Specific IP Addresses

Management Portal Configuration

Connecting to the Management Portal

Using the Management Portal

Troubleshooting Tools

Overview of Management Portal

Management Portal enables web-based administration and troubleshooting of the Security Management server. The Management Portal product is included on the release DVD.

The product can be deployed on a dedicated server, or alongside the Security Management server. SSL encrypted connections are used to access the Management Portal web interface. Administrative access can be limited to specific IP addresses. Dedicated administrator users can be limited to Management Portal access only.

Note - Management Portal does not support IPv6.

Deploying the Management Portal on a Dedicated Server

When deploying the Management Portal on a dedicated server, the following actions should be taken to successfully integrate the Management Portal Server with the Security Management server.

  1. During the Management Portal installation you will be asked to choose a SIC (Secure Internal Communication) password that will be used to establish trust with the Security Management server.
  2. On the Security Management server create a network object to represent the Management Portal server.
    • Fill in the network object's properties.
    • Select Management Portal from the Management tab of the Software Blades list.
  3. Add access rules to allow administrative access to the Management Portal Server.
  4. Create administrator users with Management Portal permissions if you want to restrict access to the Management Portal.
    • Administrator users can be limited to Management Portal access only using a Permission profile. Create a Permission profile by selecting the Allow access via Management Portal only permission for the specific administrator.

Deploying the Management Portal on the Security Management

When deploying the Management Portal alongside the Security Management server, the following actions should be taken to successfully integrate the Management Portal component with the Security Management server.

  1. Modify the Security Management server network object to include the Management Portal in its Software Blades list if the Management Portal was installed after the Security Management server. If the Management Portal and the Security Management server were installed from the same wrapper, this step is unnecessary.
  2. Add access rules to allow administrative access using TCP 4433 to the Security Management server itself.
  3. Create administrator users with Management Portal permissions if you want to restrict access to the Management Portal.
    • Administrator users can be limited to Management Portal access only using a Permission profile. Create a Permission profile by selecting the Allow access via Management Portal only permission for the specific administrator.

Management Portal Commands

Limiting Access to Specific IP Addresses

To allow only specific IP addresses or networks to access the Management Portal, stop the Management Portal and create the hosts.allow file in the Management Portal conf directory (in Windows: C:\program files\CheckPoint\<version>\SmartPortal\portal\conf; in Linux and SecurePlatform: /opt/CPportal-<version>/portal/conf). If the hosts.allow file is not already in the conf directory, create it when you need it.

The file format is:

ALL: ALL (to allow all IPs)

ALL: x.x.x.x (to allow specific IPs)

ALL: x.x.x.x/y.y.y.y (to allow specific networks, where x.x.x.x is the IP address and y.y.y.y is the netmask)
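The following script is an added example, not part of the product or of this guide: it checks hosts.allow content against the three entry forms listed above, reports malformed lines and a leftover ALL: ALL entry, and tests whether a given client address matches. It assumes a client is admitted when any entry matches; the function names and the sample content are constructed for illustration.

```python
import ipaddress

# Constructed sample file content, not taken from a real deployment.
SAMPLE = """\
ALL: 192.0.2.10
ALL: 198.51.100.0/255.255.255.0
ALL: 10.1.1.300
ALL: 203.0.113.0/0.0.0.255
ALL: ALL
"""

def to_network(client):
    """Convert x.x.x.x or x.x.x.x/y.y.y.y to an IPv4Network; raise ValueError otherwise."""
    addr, sep, mask = client.partition("/")
    ip = int(ipaddress.IPv4Address(addr))
    if not sep:
        return ipaddress.IPv4Network((ip, 32))
    m = int(ipaddress.IPv4Address(mask))
    inverted = m ^ 0xFFFFFFFF
    if inverted & (inverted + 1):  # netmask bits must be contiguous ones
        raise ValueError("not a netmask: " + mask)
    return ipaddress.IPv4Network((ip & m, 32 - inverted.bit_length()))

def parse_hosts_allow(text):
    """Return (networks, allow_all, bad_line_numbers) for the three documented forms."""
    networks, allow_all, bad = [], False, []
    for lineno, raw in enumerate(text.splitlines(), 1):
        left, sep, client = (p.strip() for p in raw.partition(":"))
        if not raw.strip():
            continue
        if not sep or left != "ALL":
            bad.append(lineno)
        elif client == "ALL":
            allow_all = True  # the allow list restricts nothing while this line is present
        else:
            try:
                networks.append(to_network(client))
            except ValueError:
                bad.append(lineno)
    return networks, allow_all, bad

def audit(text, client_ip):
    """Assumption: a client is admitted if any entry matches it."""
    networks, allow_all, bad = parse_hosts_allow(text)
    ip = ipaddress.IPv4Address(client_ip)
    matched = any(ip in n for n in networks)
    return {"allowed": allow_all or matched, "allow_all": allow_all, "bad_lines": bad}
```

Run audit() on the file content before restarting the portal: a non-empty bad_lines list or allow_all set to True means the file does not restrict access the way it was meant to.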

Management Portal Configuration

The following Management Portal product properties can be modified by editing the cp_httpd_admin.conf file. This file can be found in the Management Portal conf directory.

Note - Any modifications to the cp_httpd_admin.conf file should be done after performing SmartPortalStop.

Connecting to the Management Portal

To connect to the Management Portal:

  1. Open one of the supported browsers and point it to:

    https://<Security Management_server_ip>:4433

  2. Authenticate, when requested.

Using the Management Portal

After you connect to the Management Portal, click the HELP button to display the Management Portal Online Help. The Online Help explains the functionality of each window.

Troubleshooting Tools

These are the tools you can use to troubleshoot Management Portal.

Error logs

To see the web daemon (cpwmd) and the web server (cp_http_server) errors, see the error log files. They are located in the Management Portal log directory:

Web daemon error log file: cpwmd.elg

Web server error log file: cphttpd.elg

Debug information

Data logs

To see CGI log messages of incoming and outgoing data:

  1. Run this command to stop the daemon: cpwd_admin stop -name CPHTTPD
  2. Set the CPWM_DEBUG environment variable to 1
  3. Run cp_http_server.

The output will be written to the cgi_log.txt and cgi_out.txt files in the temp directory (c:\temp on Windows and /tmp on Unix/Linux/SPLAT).