Hi
I got a route-based VPN between a 1575 SMB and 6500 gateways.
In SmartConsole it looks like this:
Where the SMB that got the problem is test7
On SmartEvent monitor, test7 is waiting:
The problem began immediately after upgrading the SMS to take 76.
What’s odd is that the tunnel is still functioning correctly. On the other side, there’s a Cisco AP that connects to its WLC on my side without any issues!
I checked sic_info.elg on the SMB and could see this log:
CLIENT; process: fw; my port: 42545; peer port: 18191; my ip addr: 192.168.7.10; peer ip addr: x.x.x.x; sic service type: EntitlementManager; fwasync state: SIC_CLIENT_GET_SICNAME; error id: 111; SIC Error for EntitlementManager: Peer sent wrong DN: CN=fw01,O=xxxx.xxxx.xxxx.xxxxxx
On 6500 cluster object the CN=fwcl
I wonder why the SMB is getting CN=fw01, where fw01 is a gateway on fwcl cluster!
How to import the correct certificate to the SMB, is it "Reinitialize Trusted communication"?
What should I look at? The SMB is already centrally managed?
I think this is a known limitation:
SmartView Monitor
SMBGWY-2525: The SmartConsole "Device & License Information" window shows incorrect information for the Centrally Managed Quantum Spark Gateway in these scenarios:
To get to this window:
Have you tried rebooting that SMB gateway?
Andy
Yes, same!
But you say the tunnel shows as up? Both phase 1 and 2? Is the traffic through it working?
Andy
No, the tunnel doesn't appear as up, as shown in the images above, but it is functioning correctly.
So where is it failing? Phase 2?
cpca_client lscert -dn "CN=fwcl"
cpca_client lscert -dn "CN=fw01"
Upon reviewing the 6500 certificates, I discovered the following:
The issue is that the VPN peers are receiving the DN CN=fw01 certificate instead of the DN CN=fwcl certificate.
Question: Why is the VPN peer receiving the CN=fw01 certificate instead of the CN=fwcl?
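An added example, not part of the thread or Check Point's own tooling: a small parser for sic_info.elg lines in the format quoted above that counts "Peer sent wrong DN" errors per SIC service and peer and compares the presented CN with the one the operator expects. The function names, the extra sample lines, and the choice of fwcl as the expected CN are assumptions made for illustration.

```python
import re
from collections import Counter

# First line is the sic_info.elg entry quoted in the thread (masked values kept);
# the other two are constructed variations for the demo.
SAMPLE_LOG = """\
CLIENT; process: fw; my port: 42545; peer port: 18191; my ip addr: 192.168.7.10; peer ip addr: x.x.x.x; sic service type: EntitlementManager; fwasync state: SIC_CLIENT_GET_SICNAME; error id: 111; SIC Error for EntitlementManager: Peer sent wrong DN: CN=fw01,O=xxxx.xxxx.xxxx.xxxxxx
CLIENT; process: fw; my port: 42611; peer port: 18191; my ip addr: 192.168.7.10; peer ip addr: x.x.x.x; sic service type: EntitlementManager; fwasync state: SIC_CLIENT_GET_SICNAME; error id: 111; SIC Error for EntitlementManager: Peer sent wrong DN: CN=fw01,O=xxxx.xxxx.xxxx.xxxxxx
CLIENT; process: fw; my port: 42650; peer port: 18191; my ip addr: 192.168.7.10; peer ip addr: x.x.x.x; sic service type: EntitlementManager; fwasync state: SIC_CLIENT_GET_SICNAME
"""

WRONG_DN = re.compile(r"Peer sent wrong DN:\s*(?P<dn>\S+)")


def parse_sic_line(line):
    """Split a 'key: value; key: value' SIC log line into a dict."""
    fields = {}
    for part in line.strip().split("; "):
        key, sep, value = part.partition(": ")
        if sep:
            fields[key.strip()] = value.strip()
        else:
            fields["role"] = part.strip()  # leading bare token, e.g. CLIENT
    return fields


def common_name(dn):
    """Return the CN component of a comma-separated DN, or None."""
    for rdn in dn.split(","):
        attr, _, value = rdn.strip().partition("=")
        if attr.upper() == "CN":
            return value
    return None


def summarize_wrong_dn(log_text, expected_cn):
    """Count wrong-DN errors per (service, peer, presented CN, matches expected)."""
    counts = Counter()
    for line in log_text.splitlines():
        match = WRONG_DN.search(line)
        if not match:
            continue  # not a wrong-DN entry
        fields = parse_sic_line(line)
        sent = common_name(match.group("dn"))
        counts[(fields.get("sic service type"), fields.get("peer ip addr"),
                sent, sent == expected_cn)] += 1
    return counts


if __name__ == "__main__":
    for key, n in summarize_wrong_dn(SAMPLE_LOG, "fwcl").items():
        print(n, key)
```

The summary shows which SIC service is rejecting the peer certificate and how often, which helps separate this error from the VPN tunnel's own IKE negotiation.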