This website uses Cookies. Click Accept to agree to our website's cookie use as described in our Privacy Policy. Click Preferences to customize your cookie settings.
Accept
Reject
Preferences
ABOUT CHECKMATES CYBER SECURITY COMMUNITY & FAQ
Create a Post
Help
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

Are you a member of CheckMates?

×
Sign in with your Check Point UserCenter/PartnerMap account to access more great content and get a chance to win some Apple AirPods! If you don't have an account, create one now for free!
Charlie_Dobson
Contributor
‎2018-11-12 12:53 PM

Threat Emulation & Extraction Protocol Error 402

I can't seem to find any information on this error online performing Google searches, so my apologies if this has been asked before.

A user of ours is getting this error every time he opens or creates a new project in DriveWorks:

t[121118T120721.695]p[1470:12]l[Error]s[Engine]: Can't emulate image (sha1 '86f9692d8b8f5b88734520a01ff829a2dc14c15c' path 'C:\Users\xxxx\AppData\Local\Temp\DW\Shared\DSGR 2018-11-12 12-07-19.driveprojx') because of: 'ProtocolError' 'The remote server returned an error: (402) Payment Required.'

Anyone know what that means?  We're running R77.30.03 infrastructure with Check Point Endpoint Protection E80.83 installed using blades: MEPP, Anti-Ransomware, Anti-Bot, Threat Extraction & Emulation, Compliance, URLF, FW, App Control, & VPN.  Since this software will be used by many after initial testing, I will need to make sure this doesn't happen to everyone.

Please don't tell me this is the obvious and someone hasn't paid the bill. 

Charlie Dobson 

10 Replies
G_W_Albrecht
Legend Legend
Legend
‎2018-11-13 12:27 AM

How is TE in the cloud licensed ? On a GW, cpstat threat-emulation -f contract and tecli s c q will show the current quota, but with EPSS maybe a cplic print is enough ?

CCSP - CCSE / CCTE / CTPS / CCME / CCSM Elite / SMB Specialist
Charlie_Dobson
Contributor
‎2018-11-13 05:12 AM
In response to G_W_Albrecht

When I run the cpstat threat-emulation -f contact, all I see are dashes:

TE Contract Name:                          -
TE Subscription Expire Date:               -
TE Cloud Hourly Quota:                     -
TE Cloud Monthly Quota:                    -
TE Cloud Remaining Quota:                  -
TE Maximal VMs Number:                     -
TE Subscription Status:                    -
TE Cloud Quota Status:                     -
TE Subscription Description:               -
TE Cloud Quota Description:                -
TE Cloud Quota Identifier:                 -
TE Cloud Monthly Quota Period Start:       -
TE Cloud Monthly Quota Period End:         -
TE Cloud Monthly Quota Usage for This GW:  -
TE Cloud Hourly Quota Usage for this GW:   -
TE Cloud Monthly Quota Usage for Quota ID: -
TE Cloud Hourly Quota Usage for Quota ID:  -
TE Cloud Monthly Quota Exceeded:           -
TE Cloud Hourly Quota Exceeded:            -
TE Cloud Last Quota Update GMT Time:       -

cplic print shows that our CPSB-EBP-TE (Threat Extraction) expires on March 15, 2019.  So it appears our subscription is still valid.

Thank you for showing me that.  Any other ideas as to what could be causing this error?

0 Kudos
G_W_Albrecht
Legend Legend
Legend
‎2018-11-13 06:35 AM
In response to Charlie_Dobson

I did already write that cpstat  may not be the correct command for EPSS !  CPSB-EBP-TE is a rather old license (3-4 years old) that has a certain quota that can be shown using the CK of the license.

CCSP - CCSE / CCTE / CTPS / CCME / CCSM Elite / SMB Specialist
0 Kudos
Charlie_Dobson
Contributor
‎2018-11-13 06:49 AM
In response to G_W_Albrecht

Dumb question: Is the CK of the license safe to post here?

0 Kudos
G_W_Albrecht
Legend Legend
Legend
‎2018-11-13 07:55 AM
In response to Charlie_Dobson

As it is only the certificate key, but not the license itself, i would see no risk as nobody else has access to the license. But there is another possibilty: You can open an Account Services ticket in UserCenter (that is possible for everyone) and ask them to check the licence(s) for you...

CCSP - CCSE / CCTE / CTPS / CCME / CCSM Elite / SMB Specialist
0 Kudos
Charlie_Dobson
Contributor
‎2018-11-13 08:02 AM
In response to G_W_Albrecht

Thanks, I wasn't sure.  The CK is  CK-00-1C-7F-30-D4-A2

0 Kudos
G_W_Albrecht
Legend Legend
Legend
‎2018-11-13 11:46 PM
In response to Charlie_Dobson

The CK is a 4807 without TE license. But customer has a 3100 with SandBlast and Endpoint Complete including SandBlast Agent for a year. And after all, he has direct premium support, so you could contact TAC immediately...

CCSP - CCSE / CCTE / CTPS / CCME / CCSM Elite / SMB Specialist
G_W_Albrecht
Legend Legend
Legend
‎2018-11-14 05:10 AM

In UserCenter, there is a report for SandBlast Cloud Quota Usage - go to Product Center > Blades Tab - Threat Emulation Cloud Report !

CCSP - CCSE / CCTE / CTPS / CCME / CCSM Elite / SMB Specialist
0 Kudos
Charlie_Dobson
Contributor
‎2018-11-14 06:20 AM
In response to G_W_Albrecht

I don't seem to have a Cloud Report listed after clicking on Threat Emulation.  However, I do see this:

It seems I have inherited a licensing mess from the previous Admin.  I can't tell from the image if I'm licensed for Threat Extraction or if it expired.  Clicking on the non-expired Enterprise Based Protection link, it lists all my gateway devices, so I assume the license is still valid?

If I click on SandBlast Service Report, I see this:

Which suggests I have a capacity of half a million uploads?

0 Kudos
G_W_Albrecht
Legend Legend
Legend
‎2018-11-14 07:01 AM
In response to Charlie_Dobson

Just ask AccountServices !

CCSP - CCSE / CCTE / CTPS / CCME / CCSM Elite / SMB Specialist

Leaderboard

Epsum factorial non deposit quid pro quo hic escorol.

View All ≫
Upcoming Events

    Sort by:
    CheckMates Events