Forum / Remote Desktop Manager - Feature Request

Checkpoint Dashboard Add IN

  • Create an Issue
  • Cancel

Can you add Checkpoint Software(SmartDashboard, SmartEvent, SmartLog) as an AddIn.
GrtzWesley Pronk

Clock4 yrs

Hi,
Do you know if they have an API or a command line we can invoke?

David Hervieux

signaturesignature

Clock4 yrs

Hi,

Its an executable.
Here's the path to the smartdashboard exe.
"C:\Program Files (x86)\CheckPoint\SmartConsole\R77.30\PROGRAM\FwPolicy.exe"

And this is the shortcut target
"C:\Program Files (x86)\CheckPoint\SmartConsole\R77.30\PROGRAM\CPAppStart.exe" 0

Do you want the installation file?

Clock4 yrs

Hi,
I need to know before if the command line support any parameters?

David Hervieux

signaturesignature

Clock4 yrs

Hi,

These are the command lines
Smart dashboard
C:\Program Files (x86)\CheckPoint\SmartConsole\R77.30\PROGRAM\FwPolicy.exe connect 10.1.10.1 user password
Smartlog
C:\Program Files (x86)\CheckPoint\SmartConsole\R77.30\PROGRAM\SmartLogGui.exe connect 10.1.10.1 user password
DatabaseTool
C:\Program Files (x86)\CheckPoint\SmartConsole\R77.30\PROGRAM\GuiDBedit.exe connect 10.1.10.1 user password
SmartEvent
C:\Program Files (x86)\CheckPoint\SmartConsole\R77.30\PROGRAM\AnalyzerClient.exe connect 10.1.10.1 user password

These are some tools for Checkpoint Firewalls

Wesley Pronk

Clock4 yrs

Really nice! I will add this to our todo list.

Regards

David Hervieux

signaturesignature

Clock4 yrs

Thnx,

I hoop it's soon added wink

Wesley Pronk

Clock4 yrs

Hi,

For your information, from version Checkpoint Smartconsole R80 an api is possible.
In this version it is also just one console instead from multiple consoles, these are all integrated.

Regards

Wesley Pronk

Clock4 yrs

Hello,

An add-on for checkpoint tools based on version R77.30 has been developed and joined as an attachment to this post. Could you give it a try and give us some feedback? You can install it by putting it in the %LocalAppData%\Devolutions\RemoteDesktopManager folder.

As for version R80 of Checkpoint Smartconsole, could you give us more information on this API like a documentation link or something similar?

Regards,
edited by Hubert Mireault on 8/27/2015

Hubert Mireault

signaturesignature

Clock4 yrs

Hello,

I've put the contents of the zipfile in %LocalAppData%\Devolutions\RemoteDesktopManager but there is no add-on in RemoteDesktopManager.

I'm sorry Check Point has no more information at the moment from R80, as soon I have information I will let you know.

Regards,

Wesley

Clock4 yrs

Hello,

You're right, I zipped up the wrong files by mistake. smile

Here is a zip with the right file in it, this should work. Be sure to remove the other files from the folder in case it causes any issue.

Regards,

Hubert Mireault

signaturesignature

CheckPoint1.0.0.0.zip
Clock4 yrs

Thanks,

I will let you know the testresults.

Regards,

Wesley

Clock4 yrs

Hi,

I'm currently still testing but until now it works.
Only the password doesn't fill automaticly correct, there comes an error then you click "OK" and type the password manualy and it works.

I think this Check Point has been blocked due security reason.

I'll see if there is another solution.

Regards,

Wesley
edited by wesley.pronk@qi.nl on 8/27/2015

Clock4 yrs

Thank you for testing it out. If you find anything else that can be improved, be sure to tell us.

I'll try to see if we can do something about the password not filling automatically, although I'm not sure what the problem is.

Regards,

Hubert Mireault

signaturesignature

Clock4 yrs

Is it possible to add the Option button "Prompt for password" in the Addon?

Aslo a colleague told this,

Hi Wesley,

Can you check what they expect from an API. Check Point R80 works with a REST-API so you can script against the database.
I think that is not what you are looking for. I assume that you just want to start the GUI.

The R80-GUI is still a windows executable where you need to enter the same information.
In september I will be doing an evaluation of R80 together witch Check Point's EA-team, so we can test this together.

Erwin


Regards,

Wesley

Clock4 yrs

Hello,

Yes, we'll be sure to add the prompt for password option. Ill post back here when I have another version ready for you to test out.

As for version R80, is the GUI still spread across 4 executable files then?

Regards,

Hubert Mireault

signaturesignature

Clock4 yrs

Hi,

Ok that's nice!

Such as Check Point told currently its one executable.

Have a nice weekend!

Regards,

Wesley

Clock4 yrs

Hello Wesley,

Here's a new version of the add-on with the prompt for password option added. You can also prompt for password when linking a credential entry by selecting the "prompt for password" option in the credential entry itself.

Before installing it like before, be sure to delete any checkpoint smartconsole entry you created in your datasources, then delete the previous DLL, then install the one in this post. You won't have to do this in the future for updates of this add-on.

After testing it, could you give us some feedback once again? Thank you.

Regards,

Hubert Mireault

signaturesignature

CheckPointSmartConsole1.0.0.0.zip
Clock4 yrs

Thank you very much.

I will be testing it and will let you know

Regards,

Wesley

Clock4 yrs

Hi

So far, three of the highly integrated tools work in the addon.

This works well without a autotype password we use "always ask for password" and do not fill the field.

SmartLog is the only tool does not start.

I also had another question whether it is possible to use the option of smart dashboard for signing in with a certificate.

Regards,

Wesley

Clock4 yrs

Hello Wesley,

Thanks for testing it out!

For the SmartLog issue can you try this out: in RDM, make a command line entry that starts SmartLog correctly and export the session and send it to me at hmireault (at) devolutions.net or through the forum's private messaging feature. I'd like to see what we're doing differently that doesn't work, since we can't test it.

As for the smart dashboard and signing in with a certificate, could you give us the command line for it? It shouldn't be difficult to add if it's the same principle as the other command lines smile

Regards,

Hubert Mireault

signaturesignature

Clock4 yrs

Hi Hubert,

I've tested Smartlog from a prompt.
It is not possible to open SmartLog from command line, it seems to me better when it is removed from the add on.
Almost in all cases the administrator opens first SmartDashboard (Fwpolicy) and then opens the other consoles.
Smart Event and DBedit are handy to open separately .

We have opened an incident at Check Point asking for additional parameters for opening the Smart Consoles.

Hive a Nice weekend

Regards,

Wesley

Clock4 yrs

Hello,

The add-on is now available to download here http://remotedesktopmanager.com/Home/AddOn
The only difference with the one you currently have is the removal of SmartLog since you said it doesn't have a command line. Before installing this new version, because of the removal of SmartLog, make sure to delete your CheckPoint SmartConsole sessions in RDM before using the new version of the add-on, as it might cause conflicts. After this though, there should really be no more problems.

Thank you for opening a ticket with check point, please keep us updated on the subject.

Regards,

Hubert Mireault

signaturesignature

Clock4 yrs

Hi,

I will test the new addon.

I will also keep you updated about the incident at Check Point.

Next week I 'm on holiday , the week after my vacation I will pick this up again.

Regards,

Wesley

Clock4 yrs

Hi,

We have received a reply from CheckPoint .

Unfortunately it is not possible to submit the password in a session.

About Smart Console Version R80 its still quiet, when I hear something more I let you know.

Regards,

Wesley

Clock4 yrs

Thanks Wesley, keep us updated and we'll make sure to update the add-on when checkpoint has more command line support.

Regards,

Hubert Mireault

signaturesignature

Clock4 yrs

Hello Hubert,

My company is currently demoing Remote Desktop Manager and so far it is ideal to what we require. We mainly manage tons of different Checkpoint devices which can be in different versions. However, the add on as it is today has some limitations. It only launches version R77.30 of the software.

Could you add the option to indicate what version and use the corresponding path to the executable of the version chosen? ex.

Smart dashboard R77.30
C:\Program Files (x86)\CheckPoint\SmartConsole\R77.30\PROGRAM\FwPolicy.exe connect 10.1.10.1 user

Smart dashboard R75.40
C:\Program Files (x86)\CheckPoint\SmartConsole\R75.40\PROGRAM\FwPolicy.exe connect 10.1.10.1 user

And so on.

There is plenty of different console version and it might be difficult to you to add every single version so my idea is add a text field where the user writes the version number and the software automatically uses the right path. Alternatively, adding an option in the "path" menu for configuring multiple versions.

Other improvements are adding the option to launch another important smartconsole application:

Smart Endpoint R77.30
C:\Program Files (x86)\CheckPoint\SmartConsole\R77.30\PROGRAM\EndpointManager.exe connect 10.1.10.1 user

Lastly as other users have tested, passing the password as Parameter is not supported. Could the password field be deleted from the call so we do not trigger an authentication failure (reflected in the audit logs) while leaving the option to store the password within RDM for copying manually (or automatic when starting the session)?

Thanks in advance and would be great to get this features, that would be a plus for the company to go ahead and buy the software.

Christian G

Clock3 yrs

Hello Christian,

Thank you for the suggestions! Currently in the path configuration (File > Options > Path > Configure installation path) you should be able to specify multiple paths by separating them with "". If I recall correctly the Checkpoint add-on should support this, but if it doesn't it should be easy to change.

As for specifying a path directly in the entry, that is a good idea too. It could be a text field that, if filled, it takes the executable found there, but if left empty, it takes the value in the path configuration in the options. What do you think?

We could definitely support Smart Endpoint.

For the password, we could allow the field to be empty and send nothing.

I'll work on these changes and get back to you with a preliminary version which you will be able to test and see if it works as expected.

Regards,

Hubert Mireault

signaturesignature

Clock3 yrs

Hello,

I attached to this post a new version of the add-on with the following changes:
- In the path configuration (File > Options > Path > Configure installation path) for the add-on, you can put multiple paths by separating them either with "" or skipping a line
- You can now put no password and it won't send it
- In addition to that there is an option in the new advanced tab to send the password. If you disable the password sending you will be able to store the password but not send it (since not all the command lines support sending the password)
- Smart Endpoint new option

Could you try out this new version with these changes and give us some feedback? You can install it by dropping the .DLL file in %LocalAppData%\Devolutions\RemoteDesktopManager which will replace your current installed version.

Regards,

Hubert Mireault

signaturesignature

CheckPointSmartConsole1.1.0.0.zip
Clock3 yrs

Hi Hubert,

Many thanks for your very quick reply.

I am currently thoroughly testing the add on and also all the posibilities the SmartConsole applications provide. As I have indetified some limitations of the Checkpoint software, I am investigating how they can be circumvent and I will update this post as soon as I have managed to do so. I already have some notes about what can be improved but will send all together.

Also as R80 version has been released, it uses an unified single console that currently does not accept any parameter. I will liase with CheckPoint and see if this can be added. Yes, it is true a new API is available for operations, but the main goal here is to automatize SmartConsole logins and nothing else.

Regards,

Clock3 yrs