Rabindra_Khadka
Contributor

Unable to connect to the Check Point cloud check DNS, gateway, proxy server.

There is an issue on the CP-MGMT server, which is unable to get to the Check Point updates server while checking for available hotfixes. The gateway and DNS are OK, and a proxy is not compulsory, I think. What can be the issue that the management server is facing, while the gateway is getting to the Check Point updates site and it's working?

 

 

0 Kudos
9 Replies
PointOfChecking
Collaborator

Hi PhoneBoy,

 

Today, our MGMT and GW clusters stopped connecting to checkpoint updates services.

I followed the SKs you listed except the 103433 (as we don't have that error) and 112357 (as we don't use a proxy).

All curl and telnet commands connect successfully. All settings were as described in the SKs.

 

The FW logs don't show any dropped packets.

I've checked the Audit logs to see if any settings were changed that could have caused the problem, but nothing out of the ordinary in the last 2 days. The overnight IPS updates updated successfully last night.

 

Using R80.40. 

 

Thanks

 

HristoGrigorov

Updates Service - Increased Error Rates and Latencies

New incident: Investigating

We are currently investigating this issue.

Time posted

May 12, 08:00 UTC

Components affected


Check Point Quantum Update Service

PointOfChecking
Collaborator

Thanks!

Checked this morning; still seems a bit strange.

3 out of 4 devices can "check for updates" from the CPUSE DA

0 out of 4 devices can download any updates.

 

 

PointOfChecking
Collaborator

Still no luck on my end.  Though I found this error in the logs:

Any idea why the update site has been shown to contain a virus?

 

Time: 2021-05-14T07:58:37Z

Interface Direction: inbound

Other: FDT_LIBCURL

Precise Error: unknown error

Source: MGMT IP

Source Port: 56840

Destination: 88.221.175.14

Destination Port: 80

IP Protocol: 6


Proxied Source IP: MGMT IP < But we don't use a proxy>

Content Type: tgz

Http Server: AkamaiNetStorage

Content Length: 452797041

Method: GET

Http Status: 200

Http Host: dl3.checkpoint.com

User Agent: FDT_LIBCURL

Suppressed Logs: 2

Sent Bytes: 0

Received Bytes: 0

Severity: Low

Last Update Time: 2021-05-14T08:15:05Z

Action: Prevent

Type: Log

Policy Name: Policy-Name
Policy Management: MGMT HostName
Blade: Anti-Virus

Origin: GW HostName
Service: TCP/80

Product Family: Threat

Interface: ethNumber
Description: 88.221.175.14 received a malicious file that was prevented

Reason: File exceeded size limit, File exceeded size limit

Resource: http://dl3.checkpoint.com/paid/b7/b7f5310bb5b1726113bce712fb859cc6/Check_Point_SmartConsole_R80_40_j..., http://dl3.checkpoint.com/paid/b7/b7f5310bb5b1726113bce712fb859cc6/Check_Point_SmartConsole_R80_40_j...
Bytes (sent\received): 0 B \ 0 B

0 Kudos
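Added example, not part of the thread and not Check Point tooling: a small triage helper that parses a "Key: Value" log entry like the one posted above and separates a Prevent caused only by a size limit from other Prevent actions, flagging when the blocked host is a vendor download host. The sample is a constructed subset of the posted fields; the function names, the result labels and the `.checkpoint.com` suffix check are assumptions made for illustration.

```python
# Constructed sample: a subset of the fields from the log entry posted above.
SAMPLE_LOG = """\
Time: 2021-05-14T07:58:37Z
Blade: Anti-Virus
Action: Prevent
Http Host: dl3.checkpoint.com
Http Status: 200
Content Type: tgz
Content Length: 452797041
Received Bytes: 0
Description: 88.221.175.14 received a malicious file that was prevented
Reason: File exceeded size limit, File exceeded size limit
"""


def parse_fields(text):
    """Turn 'Key: Value' lines into a dict, splitting on the first ': ' only."""
    fields = {}
    for line in text.splitlines():
        key, sep, value = line.partition(": ")
        if sep and key.strip():
            fields[key.strip()] = value.strip()
    return fields


def triage(fields, vendor_suffix=".checkpoint.com"):
    """Classify one log entry. The labels returned here are hypothetical."""
    if fields.get("Action") != "Prevent":
        return "not-blocked"
    # The Reason field repeats the same text, so de-duplicate before matching.
    reasons = {r.strip().lower()
               for r in fields.get("Reason", "").split(",") if r.strip()}
    host = fields.get("Http Host", "").lower()
    is_vendor = host.endswith(vendor_suffix)
    if reasons and all("size limit" in r for r in reasons):
        # The only reason logged is the size limit, despite the
        # "malicious file" wording in the Description field.
        if is_vendor:
            return "vendor-download-blocked-by-size-limit"
        return "blocked-by-size-limit"
    return "blocked-other"


if __name__ == "__main__":
    print(triage(parse_fields(SAMPLE_LOG)))
```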
_Val_
Admin

It looks like your AVI policy is misconfigured.

0 Kudos
PointOfChecking
Collaborator

Hi Val,

Antivirus?

Where would I go about changing that? In R77.30 that was a separate "blade" per se, but in R80.40 that's become part of threat prevention, and I can't find anywhere to specifically configure that.

 

Thanks

 

0 Kudos
_Val_
Admin

On second thought, please open a TAC request for this.

0 Kudos
PointOfChecking
Collaborator

LOL.

 

OK. Will do.

 

0 Kudos
