topic Active Member of ClusterXL unable to reach updates.checkpoint.com in Firewall and Security Management https://community.checkpoint.com/t5/Firewall-and-Security-Management/Active-Member-of-ClusterXL-unable-to-reach-updates-checkpoint/m-p/188966#M34770 <P>I was having this problem under R80.40, and upgraded to R81.10 and problem still exists.&nbsp; The Active (call it B1) gateway is receiving an error Anti-Bot-Update Failed. Contract Entitlement check failed.&nbsp; Could not reach 'updates.checkpoint.com'. Check DNS and Proxy Configuration on gateway.</P><P>The Standby (call it B2) member has no errors.&nbsp; Now, if I do a force failover between the two, B1 now has no errors after about 2 minutes, it is able to check, and B2 now gets the error.</P><P>I have explicit rules allowing the Cluster object, and each cluster member access to the internet via the required ports on both the Security ruleset and the Application ruleset.</P><P>What else can I check?</P><P>&nbsp;</P> Tue, 08 Aug 2023 14:39:35 GMT JoaT 2023-08-08T14:39:35Z Active Member of ClusterXL unable to reach updates.checkpoint.com https://community.checkpoint.com/t5/Firewall-and-Security-Management/Active-Member-of-ClusterXL-unable-to-reach-updates-checkpoint/m-p/188966#M34770 <P>I was having this problem under R80.40, and upgraded to R81.10 and problem still exists.&nbsp; The Active (call it B1) gateway is receiving an error Anti-Bot-Update Failed. Contract Entitlement check failed.&nbsp; Could not reach 'updates.checkpoint.com'. Check DNS and Proxy Configuration on gateway.</P><P>The Standby (call it B2) member has no errors.&nbsp; Now, if I do a force failover between the two, B1 now has no errors after about 2 minutes, it is able to check, and B2 now gets the error.</P><P>I have explicit rules allowing the Cluster object, and each cluster member access to the internet via the required ports on both the Security ruleset and the Application ruleset.</P><P>What else can I check?</P><P>&nbsp;</P> Tue, 08 Aug 2023 14:39:35 GMT https://community.checkpoint.com/t5/Firewall-and-Security-Management/Active-Member-of-ClusterXL-unable-to-reach-updates-checkpoint/m-p/188966#M34770 JoaT 2023-08-08T14:39:35Z Re: Active Member of ClusterXL unable to reach updates.checkpoint.com https://community.checkpoint.com/t5/Firewall-and-Security-Management/Active-Member-of-ClusterXL-unable-to-reach-updates-checkpoint/m-p/190388#M35133 <P>Usually, it's the backup gateway that is problematic to reach the update servers, not the primary.<BR />In any case, recommend a TAC case to assist: <A href="https://help.checkpoint.com" target="_blank">https://help.checkpoint.com</A>&nbsp;</P> Wed, 23 Aug 2023 21:33:23 GMT https://community.checkpoint.com/t5/Firewall-and-Security-Management/Active-Member-of-ClusterXL-unable-to-reach-updates-checkpoint/m-p/190388#M35133 PhoneBoy 2023-08-23T21:33:23Z