This website uses Cookies. Click Accept to agree to our website's cookie use as described in our Privacy Policy. Click Preferences to customize your cookie settings.
Accept
Reject
Preferences
ABOUT CHECKMATES CYBER SECURITY COMMUNITY & FAQ
Create a Post
Help
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

Are you a member of CheckMates?

×
Sign in with your Check Point UserCenter/PartnerMap account to access more great content and get a chance to win some Apple AirPods! If you don't have an account, create one now for free!
Jamie_Kelahan
Contributor
a week ago

Near constant problem with TED interface. Connection issue?

Hi all,

Setup is 2 Quantum Spark 1590's in active/standby cluster running latest version - R81.10.17, build 996004721.

I consistently have problems with TED interface showing as a "problem" and therefore the standby member showing as down.  Seems to happen every few days or week and to solve, it's usually some combination of cpstop/cpstart, rebooting and I've even had to go as far as re-initializing SIC (this may have been unrelated).  I typically notice the red icon in SmartConsole, which reports a problem with clusterXL and usually the message about not being able to connect to the cloud.  I ssh into the gateway and cphaprob list shows the TED interface in a problem state. 

The facility where these are located is very remote and our only ISP options are point-to-point wireless connections, of which we have 2.  One is connected to the Check Points and the other is used by our SD-WAN (not Check Point).  When I see this issue, I typically chalk it up to something flaky happened overnight with our ISP - in my (limited) experience with point-to-point wireless, a gust of wind can cause connectivity issues.

As I said, I can usually get it back relatively quickly by rebooting the offending gateway and I forget about it until the next time I see the red X.  However, yesterday was the first time I saw it break in "real time."  GW1 was the active member and GW2 had the TED problem, but there was another issue - GW1 was not responding to ssh or https.  I had someone local physically reboot GW1, at which point GW2 became active.  Once GW1 booted, it became the active member again and GW2 still showed the TED problem.  I ran cpstop/cpstart on GW2 and once services started, it became the active member with everything reporting OK.  When I checked the cluster status again, GW1 was now showing the TED problem.  (I should note, I was multitasking after running cpstart, so it was anywhere from 15 - 45 minutes before I checked the status again.)

I got pulled away for the rest of the day on a mission-critical task, so didn't get back to this until today.  GW1 was still showing as down, with the TED interface in a problem state.  I rebooted GW1 and it's been back to normal since (3-ish hours).

Anybody seen something like this before?  Could it be related to the less-than-ideal ISP?  Anything I can do to tweak settings to try and resolve?  I've not yet opened a TAC case on it, primarily because of me assuming it's just a weird ISP thing.  I also feel like I'll open a case with TED broken, they'll ask me to reboot, which will "fix" it and - voila - case closed.  And I there is no rhyme or reason to why it's sometimes fixed for 2 days and other times 2 weeks...

0 Kudos
2 Replies
Lesley
MVP Gold
MVP Gold
a week ago

Any hints here during the issue? Both members have issues? How is diskspace ? df -h

$FWDIR/log/ted.elg

/var/log/messages

If you are not using TED you can remove it from the clusterXL check as a permanent work around 😉

https://sc1.checkpoint.com/documents/SMB_R81.10.X/CLI/EN/Content/Topics/cphaconf-Unregistering-Criti...

Check also if you can access following websites during issue, please note curl_cli works differently on spark

te.checkpoint.com

https

Security Gateway

Threat Emulation

curl_cli [--proxy <IP_or_HostName:Port>] -v -k https://te.checkpoint.com/tecloud/Ping

teadv.checkpoint.com

https

http

Security Gateway

Threat Emulation

curl_cli [--proxy <IP_or_HostName:Port>] -v http://teadv.checkpoint.com/version.txt

threat-emulation.checkpoint.com

https

Security Gateway

Threat Emulation

curl_cli [--proxy <IP_or_HostName:Port>] -v https://threat-emulation.checkpoint.com/tecloud/Ping

 

-------
Please press "Accept as Solution" if my post solved it 🙂
0 Kudos
the_rock
MVP Diamond
MVP Diamond
a week ago

I would open TAC case, for sure. I saw on different post these 1500 models may have an issue if you upgrade them to R82 version, but might be worth confirming with support.

Best,
Andy
0 Kudos

Leaderboard

Epsum factorial non deposit quid pro quo hic escorol.

View All ≫
Upcoming Events

    Sort by:
    In-Person

    Tue 24 Feb 2026 @ 04:30 PM (EST)

    Las Vegas: MDR/XMDR
    In-Person

    Wed 25 Feb 2026 @ 04:30 PM (MST)

    Tempe, AZ: MDR/MXDR
    In-Person

    Fri 06 Mar 2026 @ 08:00 AM (COT)

    Check Point R82 Hands‑On Bootcamp – Comunidad DOJO Panamá
    In-Person

    Wed 11 Mar 2026 @ 12:00 PM (MDT)

    CheckMates Live Denver!
    CheckMates Events