Create a Post
Showing results for 
Search instead for 
Did you mean: 

Application database update failed


I've been having a really strange issue with application control. It seams that it can't update.
I'm following CCSA course from cbt nuggets, and I've everything ok.
But when going to activate application and url filtering, for some reasons database can't be updated.

This is what I got:
- My PC behind the checkpoint gw have internet access, and can resolve names properly. (no dns problem)
- My SMS have internet access, and can resolve names properly.
- My Checkpoint GW have internet access, and can resolve names properly.

When I go into Application & URL Filtering, and press "Gateways", I get on update status: "Error in database update".
Putting the mouse over I can read:

Application Control: Update failed. Gatewat can not
access internet
 Check connectivity and proxy settings.

URL Filtering: Update failed. Gateway ...(same thing)

so, i started to do some tshoot, and went to see if I can get into the page using curl_cli.
For that i whent to the checkpoint gateway and did:
"curl_cli -vk"

The result is a HTTP/1.1 200 OK, and I can see the content, for example: kg_filne_name etc...
But I also noticed I get an error like:
"*servercert: Error - server certificate validation failed!"

Can this be the issue?
In any case how can i solve this?

This is a trial license, 15 days one. But as far as I know, i should be able to test application control and url filtering with it also.

If so, how can I sort this out?

Any hints, or more tshoot tips? I even changed my policy, disabling some rules, and putting any any accept. so I don't block anything.

Looking forward to get some help here, as I'm totally out of ideas 😕

Thanks in advance.

0 Kudos
9 Replies

Check Point recently switched over to using SHA-256 certificates for online updates.

If you're not using R77.30 or above, you will need a hotfix to enable this support.

Refer to the following SK for details: Check Point update and online services migration to SHA-256 based certificates 


I'm on R77.10 guess I need to check that hotfix. thank you. will update here later. thank you for the fast reply.

0 Kudos

If this is just for study in the lab, I would opt for R80.10 (preferred) or R77.30.

R77 - R77.20 will be End of Support in August per the following: 


Yeh, but since this is just for learning purposes I'll stick with this one, and it's good to hit this walls, and learn to overpass them. Btw, is there any other way for me to download the hotfix ( Support, Support Requests, Training, Documentation, and Knowledge base for Check Point products and ...  ) from the sk details you sent previously?
My user seams to not have rights to download them 😕

0 Kudos

Your account must be associated with an active support/software subscription agreement to download that file.

I strongly encourage you to download R80.10 instead: Check Point R80.10 


Thank you for all the help and support. Managed to fix the issue, but in either case already downloaded R80.10 and will rebuild the lab in that version, and learn in the most recent one.

Thanks for all.


I have a similar situation in a production environment & i am trying to find solution. I have already checked all the readily available checks & found to be positive. My CMA and CLM are of R77.30 and gateways are of R77.10. 

It will be helpful for me if you share the process to fix the issue.


0 Kudos

HI Polash,

as @ Dameon Welch Abernathy  shared, recently Checkpoint switched over to using SHA-256 certificates for online updates.

As so you need to install an hotfix: Check Point update and online services migration to SHA-256 based certificates 

For my case I've downloaded and installed the hotfix form section: 2-B for version R77.10a (2)

I've installed the hotfix on SMS, and gateways, and worked good to do the updates of database application.

In either case, I suggest you to update to version R80.10


Thanks a lot for the help and support.