This website uses Cookies. Click Accept to agree to our website's cookie use as described in our Privacy Policy. Click Preferences to customize your cookie settings.
Accept
Reject
Preferences
ABOUT CHECKMATES CYBER SECURITY COMMUNITY & FAQ
Create a Post
Help
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

Are you a member of CheckMates?

×
Sign in with your Check Point UserCenter/PartnerMap account to access more great content and get a chance to win some Apple AirPods! If you don't have an account, create one now for free!
George_Sas
Contributor
Wednesday

Identity Agent Distributed Configuration Tool - The server is not Reachable

Hi guys.

after fighting a bit to find this Identity Agent Distributed Configuration Tool ( "C:\Program Files (x86)\CheckPoint\Identity Agent\IdentityAgent.exe" -adtool) and fetching fingerprint for my main gateway I run into another issue.

If I try to get the fingerprint for the other branch firewalls I get this error :
---------------------------
Gateway Trust Configuration
---------------------------
The server is not reachable, please check the specified address.
---------------------------
OK
---------------------------

trustedgateways.png

I can reach the gateway just fine by 443 and ssh and all the other ports I need.... but can't seem to fetch them with this tool to get the fingerprint.
The main cluster I can fetch the fingerprint and all ok, but not the branches.

Any idea ?

 

0 Kudos
2 Replies
Vincent_Bacher
Leader Leader
Leader
Wednesday

We have been using Identity Agent for years, but unfortunately I have never used the tool and I have Zscaler Client Connector installed on the client I am currently working on, so I cannot reproduce this. Can you see a connection request from your client to the outside via Wireshark? I'm not sure if it's really 443/tcp, but it should be.
If so, do you see a reset response from the server or nothing coming back at all? Is the branch gateway already configured for Identity Agent? Does entering the GW directly as a server in Identity Agent work, do you get a connection?

and now to something completely different - CCVS, CCAS, CCTE, CCCS, CCSM elite
0 Kudos
George_Sas
Contributor
Wednesday
In response to Vincent_Bacher

1. I did not tried a wireshark yet , but I guess I will do that tomorrow.
2. All branch offices GW's are configured for Identity Agents.
3. If I manually put the specific GW in the agent configuration I can connet to it just fine.

I need to add the gateways and fingerprints as when I tested using "_srv" records , some clinets connected to branch offices gateways and got certificate warning as I am using wildcard.

 

0 Kudos

Leaderboard

Epsum factorial non deposit quid pro quo hic escorol.

View All ≫
Upcoming Events

    CheckMates Events