WWW.CHECKPOINT.

COM WELCOME: NURULAINI MOHD RAZALI |  SIGN OUT

SELL MARKET LEARN SUPPORT MY CHECK POINT

Support Center > Search Results > SecureKnowledge Details

Search Support Center

How to troubleshoot Gaia Portal (WebUI)

Rate This My Favorites Email Print

Solution ID sk91380
Product Security Gateway, Security Management, Multi-Domain Management / Provider-1, ClusterXL, Cluster - 3rd party
Version R76, R77, R77.10, R77.20, R77.30, R80, R80.10, R80.20
OS Gaia
Platform / Model All
Date Created 16-Jan-2013
Last Modified 02-Aug-2018

Solution
Gaia has introduced an all-new Portal that provides full access to system configuration.

Gaia Portal (WebUI) architecture

Gaia Portal (WebUI) is powered by an Apache server running on the Security Gateway or Security Management server. The Apache server handles HTTPS requests of Gaia
via a CGI interface, passing the requests to the TCL scripts. Besides this, the Apache manages the sessions using a proprietary Apache module that works in coordination
with the Gaia DB and RBA roles. The Client side is based on Javascript and CSS files powered by ExtJs Javascript library. The Gaia Portal, as system portal, functions with
and without multi-portal I/S. When there is no multi-portal, the HTTPS requests go directly to the Apache process listening for HTTPS connections.

Troubleshooting needs to be conducted when you have problems accessing the Gaia Portal, for example:

User cannot access the Gaia Portal.

User cannot access specific pages of the Gaia Portal.
Log in to Gaia Portal succeeded, but then the Gaia Portal is stuck.
The browser displays errors on several pages.

Table of Contents

1. Browser displays an error

2. Error on specific page in Gaia Portal
3. Gaia Portal fails to execute a command or function
4. Gaia Portal crashes
5. Gaia Portal failed to load
6. Access to Gaia Portal failed
7. Gaia Portal failed to load showing blank page
8. Related documentation
9. Related solutions

(1) Browser displays an error

Check with other supported browsers - Internet Explorer, Firefox, Chrome and Safari - refer to Gaia Administration Guide (R75.40, R75.40VS, R76, R77.X, R80.10) and
to sk92668 - Browsers supported to work with Gaia Portal.

Open the browser console, and see if there is any error message:
in Google Chrome, press F12 and go to Console tab
in FireFox, press CTRL+Shift+J keys

Related solution:
sk118801 - "ERR_CONNECTION_REFUSED" error is displayed in web browser when connecting to Gaia Portal
 

(2) Error on specific page in Gaia Portal

Click Here to Collapse instructions for all browsers

Show / Hide instructions for Google Chrome

1. Connect to Gaia Portal using Google Chrome (but do not log in yet).

2. Enable Developer Tools - in the menu, go to More tools - click on Developer tools (or press either F12, or CTRL+Shift+I)

3. In the Developer Tools window, go to Network tab.

Recording of the network log is started automatically.

Note: It is strongly recommended to undock the Developer Tools into separate window (click on the 3 vertical dots in the upper right corner).

Example:

4. Log in to Gaia Portal.

Note: The credentials are not recorded in the network log.

5. Replicate the issue:

A. Navigate to the problematic page / section

B. Take the screenshot of Gaia Portal before the issue

C. Perform the relevant actions to replicate the issue

D. Take the screenshot of Gaia Portal after the issue

6. Wait for 1-2 minutes.

7. Stop recording network log - click on the red circle.

 8. Right-click on any of the files at the bottom - select Save as HAR with content - save the <IP_Address_of_Gaia_Portal>.har file on your computer.

Example:

9. Send the following files from the involved Gaia machine to Check Point Support:

CPinfo file
/web/cgi-bin2/*
/web/htdocs2/js/*
/var/log/messages*
Recorded network log (HAR file)

Show / Hide instructions for Firefox

1. Connect to Gaia Portal using Firefox (but do not log in yet).

2. Enable Developer Tools in Network mode - go to the upper right-menu - click on Developer - click on Network (or press CTRL+Shift+Q):

3. Click on the Clock icon to start performance analysis.

Note: It is strongly recommended to undock the Developer Tools into separate window (click on the 2-windows icon in the upper right corner).
 4. Click on the Back button to see all the loaded scripts and images.

Example:

5. Log in to Gaia Portal.

Note: The credentials are not recorded in the network log.

6. Replicate the issue:

A. Navigate to the problematic page / section

B. Take the screenshot of Gaia Portal before the issue

C. Perform the relevant actions to replicate the issue

D. Take the screenshot of Gaia Portal after the issue

7. Wait for 1-2 minutes.

8. Right-click on any of the files - select Save All As HAR - save the <Archive DD-MM-YY HH-MM-SS>.har file on your computer.

Example:

9. Send the following files from the involved Gaia machine to Check Point Support:

CPinfo file
/web/cgi-bin2/*
/web/htdocs2/js/*
/var/log/messages*
Recorded network log (HAR file)

Show / Hide instructions for Internet Explorer

1. Download and install HttpWatch on the computer, from which you will connect to Gaia Portal.

2. Start the HttpWatch capture (refer to HttpWatch Help file, or online version).

3. Connect to Gaia Portal using Internet Explorer.

4. Log in to Gaia Portal.

 5. Replicate the issue:

A. Navigate to the problematic page / section

B. Take the screenshot of Gaia Portal before the issue

C. Perform the relevant actions to replicate the issue

D. Take the screenshot of Gaia Portal after the issue

6. Wait for 1-2 minutes.

7. Stop the HttpWatch capture.

8. Export the HttpWatch capture to HAR format.

9. Send the following files from the involved Gaia machine to Check Point Support:

CPinfo file
/web/cgi-bin2/*
/web/htdocs2/js/*
/var/log/messages*
Exported HttpWatch capture (HAR file)

(3) Gaia Portal fails to execute a command or function

Check the same command in Gaia Clish:

If the command works correctly - Probably, this is a Gaia Portal problem.

Check browser logs. Refer to section "Browser displays an error".

Check TCL server side logs:
Using the browser console or Apache logs /usr/local/apache2/logs, find the name of the TCL file being accessed by the browser.
Every TCL file has its debug file. Edit the TCL file that is located in the the /web/cgi-bin2/ directory.
Look for the debug file name (should be something like /tmp/<feature>.debug).
Examine this log file.
Check /var/log/messages file to see errors of ipstcl process (the TCL interpreter).

If the command does not work - Probably, this is Gaia Database problem. Check the /var/log/messages file.

(4) Gaia Portal crashes

Check browser logs with the browser console.

Check the relevant log files:

/var/log/messages* files
Apache logs in the /usr/local/apache2/logs/ directory

(5) Gaia Portal failed to load

The reasons for this issue can vary and may occur at different layers.
Below are steps and instructions on how to narrow the troubleshooting scope.

Check if you have connectivity to the machine from the client machine via ping.
Capture the traffic with tcpdump to see if pings can reach the machine.

When browsing to the Gaia portal, check the HTTPS connections:

Capture the traffic with tcpdump to see that the HTTPS connections are being seen on the machine.

If HTTPS connections are seen on the machine, and this machine is Security Gateway / Cluster member,
then run a simple kernel debug to check these HTTPS connections are dropped: fw ctl zdebug + drop.
 If there is a doubt, and this machine is NOT connected to any network (except your test computer),
then try unloading the Firewall policy: fw unloadlocal (to reload the policy, run: fw fetch localhost command).

Check if the Multi-Portal is not routing the Gaia connections to the wrong portal.
Run fw ctl zdebug + crypt command.
If there is a doubt, and this machine is NOT connected to any network (except your test computer),
then try unloading the Firewall policy to disable Multi-Portal: fw unloadlocal (to reload the policy, run: fw fetch localhost command).

If indeed Multi-Portal routes the Gaia connections to the wrong portal, then check that the Gaia Portal port is configured
in SmartDashboard in the corresponding object and see that the browser connects to the same port.

Check the Apache server logs to see if Gaia connections arrive at the Apache server:

Examine the files in the /usr/local/apache2/logs/  

Examine the files /var/log/httpd2_* and /var/log/httpd_*

Check the ownership and permissions of the TCL files in the /web/cgi-bin2/ directory with ls -al /web/cgi-bin2/ command.
These TCL files should have:
The following ownership: admin root
The following permissions: -r-xr-xr-x

Note: the httpd_dyno.tcl file located in this directory, has different permissions since it is obsolete and is not used by Gaia Portal anymore.

To correct the ownership / permissions, run:

For ownership: chown -v admin:root /web/cgi-bin2/*
For permissions: chmod -v a=rx /web/cgi-bin2/*

Check the ownership and permissions of /usr/bin/cgisu file with ls -l /usr/bin/cgisu command.
This file should have:
The following ownership: admin config
The following permissions: -r-sr-x---

To correct the ownership / permissions, run:

For ownership: chown -v admin:config /usr/bin/cgisu*
For permissions: chmod -v 4550 /usr/bin/cgisu

Check that the files /web/conf/server.key and /web/conf/server.crt are not empty with the following commands:
cat /web/conf/server.key
cat /web/conf/server.crt

Related solutions:
sk97648: How to create and set certificate for Gaia Portal
sk108252: How to change Gaia Portal's certificate from SHA-1 to SHA-256
sk109593: How to configure Gaia Portal to use a 3rd party CA-issued Wildcard certificate

(6) Access to Gaia Portal failed

Check the ownership and permissions for /tmp directory.

This directory should have:

The following ownership: admin root

The following permissions: drwxrwxrwt

To correct the ownership / permissions, run:

For ownership: chown -v admin:root /tmp

For permissions: chmod -v a=rwxt /tmp

(7) Gaia Portal failed to load showing only blank page

Enable JavaScript in your browser. For more information, refer to http://www.enable-javascript.com.

 

(8) Related documentation

Gaia Administration Guide (R75.40, R75.40VS, R76, R77.X, R80.10)

Release Notes (R75.40, R75.40VS, R75.45, R75.46, R75.47, R76, R77, R77.10, R77.20, R77.30, R80, R80.10)

(9) Related solutions

sk84561 - How to debug the Gaia Portal

sk89100 - Cannot connect to WebUI after changing name of Security Gateway
sk65319 - SecurePlatform WebUI / Gaia Portal is not accessible/responsive on Check Point appliance after upgrade
sk111167 - Some pages in Gaia Portal are stuck at "Loading...", or blank

Give us Feedback Please rate this document [1=Worst,5=Best]

Enter your comment here

Comment 

©1994-2018 Check Point Software Technologies Ltd. All rights reserved.

Copyright | Privacy Policy