Forum / Remote Desktop Manager - Feature Request

Firewall application support

  • Create an Issue
  • Cancel

OK, this is my last feature request for a while.

We manage a good number of firewalls from various vendors. The ones with web interfaces are easy to integrate into RDM.

However, we have a large number that run on Cisco ASA's and Checkpoint appliances.

Could there be... or is there... a way to support connections to

Cisco ASDM
Checkpoint Smartdashboard

thanks!

Clock7 yrs

Hi,
Could you give me more information? Does these firewall can be managed in command line?

David Hervieux

signaturesignature

Clock7 yrs

Can they be accessed via command line? Yes, both can be accessed via SSH.

However, management/administration is done via GUI application.

I am not going to pretend to know how to accomplish it, but I would imagine it can be done similarly to how the Vsphere client is integrated into RDM.

I only say this because Vsphere is a completely separate program that RDM "calls up".

Both the Cisco's ASDM and Checkpoint Smartdashboard have similar login pages where you would input the hostname or IP of the device and credentials.

Clock7 yrs

The problem is that we don't have a test environment for that. If you can find the command line to manage them I will be able to build a prototype. Could you try to execute the Cisco / Checkpoint application with /? or something like that?

David Hervieux

signaturesignature

Clock7 yrs

For the Cisco ASDM...

It runs as a Java Application.

In order to run the application, the following command needs to be executed from the ASDM folder (usually C:\Program Files (x86)\Cisco Systems\ASDM)

javaw.exe -Xms64m -Xmx512m -Dsun.swing.enableImprovedDragGesture=true -classpath lzma.jar;jploader.jar;asdm-launcher.jar;retroweaver-rt-2.0.jar com.cisco.launcher.Launcher


I tested this by browsing to the ASDM directory via command line. While in the directory, I executed the above command and it brought up the ASDM login page.

+++++++++++++++++++++++++++

Checkpoint is a little different.

Unlike just about every other application in existence, Checkpoint is not backwards compatible to earlier versions of the product.

For example, if you wanted to log into a Checkpoint appliance running R60, you would be required to install the smartdashboard for R60. Likewise, if you want to log into one running R70, you will need to install the specific smartdashboard for that version.

The reason for the long explanation is because the command line management access is different depending on the version you are running.

For R60...

browsing to the C:\Program Files (x86)\CheckPoint\SmartConsole\R60\PROGRAM directory and executing FWpolicy.exe will open up the Smartdashboard application.

Likewise with R62...


browsing to the C:\Program Files (x86)\CheckPoint\SmartConsole\R62\PROGRAM directory and executing FWpolicy.exe will open up the Smartdashboard application.


For R65 it is a little different...


browsing to the C:\Program Files (x86)\CheckPoint\SmartConsole\R65\PROGRAM directory and executing CPLauncer.exe will open up the Smartdashboard application.


Likewise with R70.20 ...

browsing to the C:\Program Files (x86)\CheckPoint\SmartConsole\R70.20\PROGRAM directory and executing CPLauncer.exe will open up the Smartdashboard application.

The absolute main reason I am asking for this addition is because we are utilizing RDM as a RemoteApp running on a Windows Remote Desktop Server. By allowing these two application to launch via RDM, I will have all the applications we need for full management from a single location.

Sorry for the drawn out response. Let me know if you have any other questions or need further information.

Clock7 yrs

Hi David.

It took some time to click, but it finally dawned on me that the feature to allow firewall application support already exists.

In this case, the Command line option. Using the information above, I was able to create a command line session that will open the java applet. Then utilizing a keyboard script, i am able to also fill in the account credentials.

As a bonus, I also changed the icon to match the FW application.

I just wanted to say thank you for your time and for making such an awesome product.

Clock7 yrs

Thank you for your feedback, Would you mind to share with us the export of your session (just change the credentials and host setting)?

David Hervieux

signaturesignature

Clock7 yrs

No problem.

I have attached an RDM file for a Cisco ASDM connection.

It should open up the ASDM Java applet as long as everything is installed in the default directory (C:\Program Files (x86)\Cisco Systems\ASDM).

I don't know enough about Java to even attempt integrating the host, username, and password into the command line portion. However, autologin can be accomplished by using the after login macro script (Events --> After connection --> Typing macro). It takes a second to load, so I extended the "initial wait" to 5sec.

test.com{TAB}username {TAB}password

We utilize RDM as a Remote Desktop Remoteapp. The Java applets actually run pretty well even through that.
<em>edited by rebelpawn on 1/22/2012</em>

ASDM.rdm
Clock7 yrs

Thank you so much, This could help other people.

David Hervieux

signaturesignature

Clock7 yrs

Hello,

I was using ASDM in rdm for a wile now on Windows 7. Now i installed Windows 8 and i am not able to launche ASDM with rdm anymore. I get the error:

Unable to execute the command line [javaw.exe -Xms64m -Xmx512m -Dsun.swing.enableImprovedDragGesture=true -classpath lzma.jar;jploader.jar;asdm-launcher.jar;retroweaver-rt-2.0.jar com.cisco.launcher.Launcher]

Anybody knows why this error occurs?

Greetings,

Bob

Clock6 yrs

Hi,
Is it possible that javaw.exe is not found in the path?

Open a Windows command line and type the same command to see if it starts

David Hervieux

signaturesignature

Clock6 yrs

Hello,

It doesnt start. Can i enable that to start or am i missing something?

Greetings,

Bob

Clock6 yrs

I suspect that javaw is no longer in the search path. Could you verify where it's installed?

David Hervieux

signaturesignature

Clock6 yrs

C:\Program Files (x86)\Java\jre7\bin\javaw.exe

Clock6 yrs

Does it work if you type the full path?

C:\Program Files (x86)\Java\jre7\bin\javaw.exe -Xms64m -Xmx512m -Dsun.swing.enableImprovedDragGesture=true -classpath lzma.jar;jploader.jar;asdm-launcher.jar;retroweaver-rt-2.0.jar com.cisco.launcher.Launcher

David Hervieux

signaturesignature

Clock6 yrs

Hello,

I tried the full path and it does not work. What i could find is that i had java 7 installed and i downgraded tot java 6. Also i have installed java 64 and 32 bit. Now i get an new error:

Java Virtual Machine Launcher

Could not find the main class: com.cisco.launcher.Launcher. Program wil exit.

Greetings,

Bob

Clock6 yrs

It seems that now java is unable to find the applet. Perhaps a path is not configured correctly?

David Hervieux

signaturesignature

Clock6 yrs

Hi,

I found the problem and it is working again. Turn on compatibility mode and put it on Windows 7. After that the ASDM manager booted. I found out that there is a problem when RDM is trying to run the script.

When i did in cmd:
cd C:\Program Files (x86)\Cisco Systems\ASDM

After that:
javaw.exe -Xms64m -Xmx512m -Dsun.swing.enableImprovedDragGesture=true -classpath lzma.jar;jploader.jar;asdm-launcher.jar;retroweaver-rt-2.0.jar com.cisco.launcher.Launcher

There wil be no error and ASDM starts. But when i put the code in the wrong directory i get the error:
Could not find the main class: com.cisco.launcher.Launcher. Program wil exit.

So maybe there is a compatibility problem with RDM and Windows 8 that keeps it from executing the command to get to the right directory.
B.t.w sorry for my poor English, my home language is Dutch but i think u can understand what i say smile

Greetings,

Bob
edited by bobkorthals on 2/20/2013

Clock6 yrs