How to troubleshoot Gaia Portal (WebUI)
Solution

Gaia has introduced an all-new Portal that provides full access to system configuration.

Gaia Portal (WebUI) architecture

Gaia Portal (WebUI) is powered by an Apache server running on the Security Gateway or Security Management server. The Apache server handles Gaia HTTPS requests through a CGI interface and passes them to the TCL scripts. Apache also manages the sessions, using a proprietary Apache module that works in coordination with the Gaia DB and RBA roles. The client side consists of JavaScript and CSS files built on the ExtJS JavaScript library. As the system portal, Gaia Portal functions both with and without the Multi-Portal infrastructure. When Multi-Portal is not in use, the HTTPS requests go directly to the Apache process listening for HTTPS connections.

Troubleshooting needs to be conducted when you have problems accessing the Gaia Portal, for example:

  • User cannot access the Gaia Portal.
  • User cannot access specific pages of the Gaia Portal.
  • Log in to Gaia Portal succeeded, but then the Gaia Portal is stuck.
  • The browser displays errors on several pages.

 

Table of Contents

  1. Browser displays an error
  2. Error on specific page in Gaia Portal
  3. Gaia Portal fails to execute a command or function
  4. Gaia Portal crashes
  5. Gaia Portal failed to load
  6. Access to Gaia Portal failed
  7. Gaia Portal failed to load showing blank page
  8. Related documentation
  9. Related solutions

 

(1) Browser displays an error

 

(2) Error on specific page in Gaia Portal

  • Instructions for Google Chrome

    1. Connect to Gaia Portal using Google Chrome (but do not log in yet).

    2. Open Developer Tools: in the menu, go to More tools and click on Developer tools (or press F12 or CTRL+Shift+I).



    3. In the Developer Tools window, go to Network tab.

      Recording of the network log is started automatically.

      Note: It is strongly recommended to undock the Developer Tools into a separate window (click on the 3 vertical dots in the upper right corner).



    4. Log in to Gaia Portal.
      Note: The credentials are not recorded in the network log.

    5. Replicate the issue:

      1. Navigate to the problematic page / section.

      2. Take a screenshot of Gaia Portal before the issue.

      3. Perform the relevant actions to replicate the issue.

      4. Take a screenshot of Gaia Portal after the issue.


    6. Wait for 1-2 minutes.

    7. Stop recording network log - click on the red circle.

    8. Right-click on any of the files at the bottom - select Save as HAR with content - save the <IP_Address_of_Gaia_Portal>.har file on your computer.



    9. Send the following files from the involved Gaia machine to Check Point Support:

      • CPinfo file
      • /web/cgi-bin2/*
      • /web/htdocs2/js/*
      • /var/log/messages*
      • Recorded network log (HAR file)


  • Instructions for Firefox

    1. Connect to Gaia Portal using Firefox (but do not log in yet).

    2. Open Developer Tools in Network mode: go to the upper-right menu, click on Developer, then click on Network (or press CTRL+Shift+Q).



    3. Click on the Clock icon to start performance analysis.

      Note: It is strongly recommended to undock the Developer Tools into a separate window (click on the 2-windows icon in the upper right corner).



    4. Click on the Back button to see all the loaded scripts and images.



    5. Log in to Gaia Portal.
      Note: The credentials are not recorded in the network log.

    6. Replicate the issue:

      1. Navigate to the problematic page / section.

      2. Take a screenshot of Gaia Portal before the issue.

      3. Perform the relevant actions to replicate the issue.

      4. Take a screenshot of Gaia Portal after the issue.


    7. Wait for 1-2 minutes.

    8. Right-click on any of the files - select Save All As HAR - save the <Archive DD-MM-YY HH-MM-SS>.har file on your computer.



    9. Send the following files from the involved Gaia machine to Check Point Support:

      • CPinfo file
      • /web/cgi-bin2/*
      • /web/htdocs2/js/*
      • /var/log/messages*
      • Recorded network log (HAR file)


  • Instructions for Internet Explorer

    1. Download and install HttpWatch on the computer, from which you will connect to Gaia Portal.

    2. Start the HttpWatch capture (refer to HttpWatch Help file, or online version).

    3. Connect to Gaia Portal using Internet Explorer.

    4. Log in to Gaia Portal.

    5. Replicate the issue:

      1. Navigate to the problematic page / section.

      2. Take a screenshot of Gaia Portal before the issue.

      3. Perform the relevant actions to replicate the issue.

      4. Take a screenshot of Gaia Portal after the issue.


    6. Wait for 1-2 minutes.

    7. Stop the HttpWatch capture.

    8. Export the HttpWatch capture to HAR format.

    9. Send the following files from the involved Gaia machine to Check Point Support:

      • CPinfo file
      • /web/cgi-bin2/*
      • /web/htdocs2/js/*
      • /var/log/messages*
      • Exported HttpWatch capture (HAR file)

 

(3) Gaia Portal fails to execute a command or function

Check the same command in Gaia Clish:

  • If the command works correctly, this is probably a Gaia Portal problem.

    • Check browser logs. Refer to section "Browser displays an error".
    • Check TCL server side logs:
      • Using the browser console or Apache logs /usr/local/apache2/logs, find the name of the TCL file being accessed by the browser.
      • Every TCL file has its own debug file. Open the TCL file that is located in the /web/cgi-bin2/ directory.
      • Look for the debug file name (should be something like /tmp/<feature>.debug).
      • Examine this log file.
    • Check /var/log/messages file to see errors of ipstcl process (the TCL interpreter).


  • If the command does not work, this is probably a Gaia Database problem. Check the /var/log/messages file.
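
The TCL debug-file lookup described above can be scripted. The following is an added example, not Check Point code: it pulls the *.tcl names out of an Apache log and reports the /tmp/<feature>.debug path each script references. The log lines, the /cgi-bin/ URL prefix, the script names and the function names are constructed for illustration.

```sh
#!/bin/sh
# requested_tcl LOGFILE -> unique *.tcl script names seen in the request lines
requested_tcl() {
    grep -o '[A-Za-z0-9_.-]*\.tcl' "$1" | sort -u
}

# debug_files LOGFILE CGI_DIR -> "script<TAB>debug path" for each requested script
debug_files() {
    requested_tcl "$1" | while read -r name; do
        script="$2/$name"
        [ -r "$script" ] || { printf '%s\t(not found in %s)\n' "$name" "$2"; continue; }
        # First /tmp/<feature>.debug path mentioned anywhere in the script
        dbg=$(grep -o '/tmp/[A-Za-z0-9_.-]*\.debug' "$script" | sort -u | head -n 1)
        printf '%s\t%s\n' "$name" "${dbg:-(no /tmp/*.debug reference)}"
    done
}

# make_sample DIR -> writes a CONSTRUCTED access log and one CONSTRUCTED TCL script
make_sample() {
    mkdir -p "$1/cgi-bin2"
    cat > "$1/access_log" <<'EOF'
192.0.2.10 - - [01/Jan/2024:10:00:00 +0000] "GET /cgi-bin/example_feature.tcl HTTP/1.1" 200 512
192.0.2.10 - - [01/Jan/2024:10:00:05 +0000] "POST /cgi-bin/example_feature.tcl HTTP/1.1" 500 0
192.0.2.10 - - [01/Jan/2024:10:00:09 +0000] "GET /cgi-bin/other_page.tcl HTTP/1.1" 200 90
EOF
    echo 'set dbg_file "/tmp/example_feature.debug"' > "$1/cgi-bin2/example_feature.tcl"
}

# Stand-alone demo on the constructed sample: sh this_file --demo
if [ "${1:-}" = "--demo" ]; then
    tmp=$(mktemp -d) && make_sample "$tmp"
    debug_files "$tmp/access_log" "$tmp/cgi-bin2"
    rm -rf "$tmp"
fi
```

On the Gaia machine, pass a log file from /usr/local/apache2/logs as the first argument and /web/cgi-bin2 as the second.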

 

(4) Gaia Portal crashes

  • Check browser logs with the browser console.

  • Check the relevant log files:
    • /var/log/messages* files
    • Apache logs in the /usr/local/apache2/logs/ directory

 

(5) Gaia Portal failed to load

The reasons for this issue can vary and may occur at different layers.
Below are steps and instructions on how to narrow the troubleshooting scope.

  • Check if you have connectivity to the machine from the client machine via ping.
    Capture the traffic with tcpdump to see if pings can reach the machine.

  • When browsing to the Gaia portal, check the HTTPS connections:

    • Capture the traffic with tcpdump to see that the HTTPS connections are being seen on the machine.

    • If HTTPS connections are seen on the machine, and this machine is a Security Gateway / Cluster member,
      then run a simple kernel debug to check whether these HTTPS connections are dropped: fw ctl zdebug + drop.
      If there is a doubt, and this machine is NOT connected to any network (except your test computer),
      then try unloading the Firewall policy: fw unloadlocal (to reload the policy, run: fw fetch localhost command).

    • Check whether Multi-Portal is routing the Gaia connections to the wrong portal.
      Run fw ctl zdebug + crypt command.
      If there is a doubt, and this machine is NOT connected to any network (except your test computer),
      then try unloading the Firewall policy to disable Multi-Portal: fw unloadlocal (to reload the policy, run: fw fetch localhost command).

    • If indeed Multi-Portal routes the Gaia connections to the wrong portal, then check that the Gaia Portal port is configured
      in SmartDashboard in the corresponding object and see that the browser connects to the same port.

    • Check the Apache server logs to see if Gaia connections arrive at the Apache server:

      • Examine the files in the /usr/local/apache2/logs/ directory
      • Examine the files /var/log/httpd2_* and /var/log/httpd_*


  • Check the ownership and permissions of the TCL files in the /web/cgi-bin2/ directory with ls -al /web/cgi-bin2/ command.
    These TCL files should have:
    • The following ownership: admin root
    • The following permissions: -r-xr-xr-x

    Note: The httpd_dyno.tcl file located in this directory has different permissions, since it is obsolete and is not used by Gaia Portal anymore.

    To correct the ownership / permissions, run:
    • For ownership: chown -v admin:root /web/cgi-bin2/*
    • For permissions: chmod -v a=rx /web/cgi-bin2/*


  • Check the ownership and permissions of /usr/bin/cgisu file with ls -l /usr/bin/cgisu command.
    This file should have:
    • The following ownership: admin config
    • The following permissions: -r-sr-x---

    To correct the ownership / permissions, run:
    • For ownership: chown -v admin:config /usr/bin/cgisu*
    • For permissions: chmod -v 4550 /usr/bin/cgisu


  • Check that the files /web/conf/server.key and /web/conf/server.crt are not empty with the following commands:
    • cat /web/conf/server.key
    • cat /web/conf/server.crt


 

(6) Access to Gaia Portal failed

Check the ownership and permissions for /tmp directory.

This directory should have:

  • The following ownership: admin root
  • The following permissions: drwxrwxrwt

To correct the ownership / permissions, run:

  • For ownership: chown -v admin:root /tmp
  • For permissions: chmod -v a=rwxt /tmp
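
The ownership, permission and non-empty checks from sections (5) and (6) can be run as one read-only audit before anything is changed with chown or chmod. This is an added example, not Check Point code; the function names and the optional ROOT prefix are assumptions, GNU stat is required, and the key and certificate are tested for size rather than printed.

```sh
#!/bin/sh
# check_perm PATH OWNER:GROUP MODE -> prints one line; 0 = match, 1 = mismatch, 2 = missing
check_perm() {
    target=$1 want_owner=$2 want_mode=$3
    if [ ! -e "$target" ]; then
        echo "MISSING  $target"; return 2
    fi
    got_owner=$(stat -c '%U:%G' "$target")   # e.g. admin:root
    got_mode=$(stat -c '%A' "$target")       # e.g. -r-xr-xr-x, as shown by ls -l
    if [ "$got_owner" = "$want_owner" ] && [ "$got_mode" = "$want_mode" ]; then
        echo "OK       $target"; return 0
    fi
    echo "MISMATCH $target: $got_owner $got_mode (expected $want_owner $want_mode)"
    return 1
}

# check_nonempty PATH -> tests the size only, so the private key never reaches the terminal
check_nonempty() {
    if [ -s "$1" ]; then echo "OK       $1 is not empty"; return 0; fi
    echo "EMPTY    $1"; return 1
}

# audit_gaia_portal [ROOT] -> runs every check on this page; returns 1 if any fails.
# ROOT is a hypothetical prefix for auditing a copied file tree; leave it empty on Gaia.
audit_gaia_portal() {
    root=${1:-} rc=0
    for f in "$root"/web/cgi-bin2/*; do
        # httpd_dyno.tcl is obsolete and has different permissions, per the note above
        [ "${f##*/}" = "httpd_dyno.tcl" ] && continue
        check_perm "$f" admin:root -r-xr-xr-x || rc=1
    done
    check_perm "$root/usr/bin/cgisu" admin:config -r-sr-x--- || rc=1
    check_perm "$root/tmp" admin:root drwxrwxrwt || rc=1
    check_nonempty "$root/web/conf/server.key" || rc=1
    check_nonempty "$root/web/conf/server.crt" || rc=1
    return $rc
}

# Run on the Gaia machine with: sh this_file --run
if [ "${1:-}" = "--run" ]; then audit_gaia_portal; fi
```

Any MISMATCH line names the file to correct with the chown / chmod commands listed above.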

 

(7) Gaia Portal failed to load showing only blank page

Enable JavaScript in your browser. For more information, refer to http://www.enable-javascript.com.

 

 
