Hi
I got a route-based VPN between a 1575 SMB and 6500 gateways.
On Smartconsole it looks like this:
Where the SMB that got the problem is test7
On Smartevent monitor test7 is waiting:
The problem began immediately after upgrading the SMS to take 76.
What’s odd is that the tunnel is still functioning correctly. On the other side, there’s a Cisco AP that connects to its WLC on my side without any issues!
I checked sic_info.elg on the SMB and could see this log:
CLIENT; process: fw; my port: 42545; peer port: 18191; my ip addr: 192.168.7.10; peer ip addr: x.x.x.x; sic service type: EntitlementManager; fwasync state: SIC_CLIENT_GET_SICNAME; error id: 111; SIC Error for EntitlementManager: Peer sent wrong DN: CN=fw01,O=xxxx.xxxx.xxxx.xxxxxx
On 6500 cluster object the CN=fwcl
I wonder why the SMB is getting CN=fw01, where fw01 is a gateway on fwcl cluster!
How to import the correct certificate to the SMB, is it "Reinitialize Trusted communication"?
What should I look at? The SMB is already centrally managed?
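A triage sketch for the sic_info.elg record quoted above, added here as an example (it is not part of the original post and not a Check Point tool): it pulls the "Peer sent wrong DN" records out of the log and groups them by SIC service, peer and presented CN, compared against the CN the operator expects. The record layout is assumed from the single line in the post, the function names are hypothetical, and the second and third sample lines are constructed.

```python
import re
from collections import Counter

# Line 1 is the record quoted in the post (masked values kept as posted).
# Lines 2-3 are constructed for this example: a repeat from another source
# port, and an unrelated error that must not be counted.
_HEAD = "CLIENT; process: fw; my port: {}; peer port: 18191; my ip addr: 192.168.7.10; peer ip addr: x.x.x.x; sic service type: EntitlementManager; fwasync state: SIC_CLIENT_GET_SICNAME; error id: 111; SIC Error for EntitlementManager: "
SAMPLE_LOG = "\n".join([
    _HEAD.format(42545) + "Peer sent wrong DN: CN=fw01,O=xxxx.xxxx.xxxx.xxxxxx",
    _HEAD.format(42546) + "Peer sent wrong DN: CN=fw01,O=xxxx.xxxx.xxxx.xxxxxx",
    _HEAD.format(42547) + "constructed unrelated error text",
])

WRONG_DN = re.compile(r"Peer sent wrong DN:\s*(?P<dn>.+)")

def parse_fields(line):
    """Split a 'role; key: value; ...' record into a dict (assumed layout)."""
    role, *rest = [part.strip() for part in line.split(";")]
    fields = {"role": role}
    for part in rest:
        key, _, value = part.partition(":")  # only the first colon separates
        fields[key.strip()] = value.strip()
    return fields

def rdn(dn, attr):
    """First value of attr (e.g. 'CN') in a simple comma-separated DN."""
    for piece in dn.split(","):  # assumes no escaped commas in the DN
        key, _, value = piece.partition("=")
        if key.strip().upper() == attr:
            return value.strip()
    return None

def wrong_dn_events(log_text, expected_cn):
    """Count wrong-DN records per (service, peer ip, presented CN)."""
    hits = Counter()
    for line in log_text.splitlines():
        match = WRONG_DN.search(line)
        if not match:
            continue
        fields = parse_fields(line)
        presented = rdn(match.group("dn").strip(), "CN")
        if presented != expected_cn:
            hits[(fields.get("sic service type"),
                  fields.get("peer ip addr"), presented)] += 1
    return hits

if __name__ == "__main__":
    for (service, peer, cn), n in wrong_dn_events(SAMPLE_LOG, "fwcl").items():
        print(f"{n}x {service} peer={peer} presented CN={cn}, expected CN=fwcl")
```
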
I think this is a known limitation:
SmartView Monitor, SMBGWY-2525:
The SmartConsole "Device & License Information" window shows incorrect information for the Centrally Managed Quantum Spark Gateway in these scenarios:
To get to this window:
Have you tried rebooting that SMB gateway?
Andy
Yes, same!
But you say the tunnel shows as up? Both phase 1 and 2? Is the traffic through it working?
Andy
No, the tunnel doesn't appear as up, as shown in the images above, but it is functioning correctly.
So where is it failing? Phase 2?
cpca_client lscert -dn "CN=fwcl"
cpca_client lscert -dn "CN=fw01"
Upon reviewing the 6500 certificates, I discovered the following:
The issue is that the VPN peers are receiving the DN CN=fw01 certificate instead of the DN CN=fwcl certificate.
Question: Why is the VPN peer receiving the CN=fw01 certificate instead of the CN=fwcl?