Unable to connect to the checkpoint cloud check dn...

Rabindra_Khadka · ‎2019-04-24

There is a issue on CP-MGMT sever, which is unable to get the checkpoint updates server while checking for available hotfix, the gateway, dns is ok, proxy is not compulsory i think, what can be the issue that the management server is facing, while the gateway is getting the checkpoint updates site and its working.

PhoneBoy · ‎2019-04-25

There are several SKs you should probably review:

sk83520 - How to verify that Security Gateway and/or Security Management Server can access Check Poi...
sk94508 - Recommended Internet Access Settings for Automatic Downloads
sk103433 - "CPUSE requires a valid license for downloads and updates" message in Gaia Portal
sk107508 - Download of CPUSE package fails with "Error: Bad or slow connection to the Check Point Cl...
sk112357 - CPUSE Agent fails to establish connection with Check Point Cloud when 3rd party Proxy wit...

PointOfChecking · ‎2021-05-12

Hi PhoneBoy,

Today, our MGMT and GW clusters stopped connecting to checkpoint updates services.

I followed the SKs you listed except the 103433 (as we don't have that error) and 112357 (as we don't use a proxy).

All Curl and telnet commands connect successfully. All settings were as described in the SKs.

The FW logs don't show any dropped packets.

I've checked the Audit logs to see if any settings were changed that could have caused the problem, but nothing out of the ordinary since last 2 days. The overnight IPS updates updates successfully last night.

Using R80.40.

Thanks

HristoGrigorov · ‎2021-05-12

Updates Service - Increased Error Rates and Latencies

New incident: Investigating

We are currently investigating this issue.

Time posted

May 12, 08:00 UTC

Components affected

Check Point Quantum Update Service

PointOfChecking · ‎2021-05-13

Thanks!

Checked this morning still seems a bit strange.

3 out of 4 devices can "check for updates" from the CPUSE DA

0 out of 4 devices can download any updates.

PointOfChecking · ‎2021-05-14

Still no luck on my end. Though I found this error in the logs:

Any idea why the update site has been shown to contain a virus?

Time: 2021-05-14T07:58:37Z

Interface Direction: inbound

Other: FDT_LIBCURL

Precise Error: unknown error

Source: MGMT IP

Source Port: 56840

Destination: 88.221.175.14

Destination Port: 80

IP Protocol: 6

Proxied Source IP: MGMT IP < But we don't use a proxy>

Content Type: tgz

Http Server: AkamaiNetStorage

Content Length: 452797041

Method: GET

Http Status: 200

Http Host: dl3.checkpoint.com

User Agent: FDT_LIBCURL

Suppressed Logs: 2

Sent Bytes: 0

Received Bytes: 0

Severity: Low

Last Update Time: 2021-05-14T08:15:05Z

Action: Prevent

Type: Log

Policy Name: Policy-Name
Policy Management: MGMT HostName
Blade: Anti-Virus

Origin: GW HostName
Service: TCP/80

Product Family: Threat

Interface: ethNumber
Description: 88.221.175.14 received a malicious file that was prevented

Reason: File exceeded size limit, File exceeded size limit

Resource: http://dl3.checkpoint.com/paid/b7/b7f5310bb5b1726113bce712fb859cc6/Check_Point_SmartConsole_R80_40_j..., http://dl3.checkpoint.com/paid/b7/b7f5310bb5b1726113bce712fb859cc6/Check_Point_SmartConsole_R80_40_j...
Bytes (sent\received): 0 B \ 0 B

_Val_ · ‎2021-05-17

It looks like your AVI policy is misconfigured.

PointOfChecking · ‎2021-05-17

Hi Val,

Antivirus?

Where would I go about that changing that? In R77.30 that was a separate "blade" per se, but in R80.40 that's become part of threat prevention, and I can't find anywhere to specifically configure that?

Thanks

_Val_ · ‎2021-05-17

On the second thought, please open a TAC request for this.

PointOfChecking · ‎2021-05-17

LOL.

OK. Will do.

Are you a member of CheckMates?

Unable to connect to the checkpoint cloud check dns, gateway, proxy sever.