cancel
Showing results for 
Search instead for 
Did you mean: 
Create a Post

Threat Emulation blade not communicating

Hi,

In one of the firewall, We are getting error "Error : Communication error - Could not connect to cloud" on Smart vie monitor for Threat Emulation blade.

Did cpstop/cpstart and reboot the gateway but still the same issue. When checked details, it is showing as below.

What could be the issue?

16 Replies
Vladimir
Pearl

Re: Threat Emulation blade not communicating

Good place to start would be to check DNS and gateway settings on that unit and follow the "Error: Could not connect to the Check Point Cloud. Check your connection settings (Proxy, DNS and g... 

Plus, in the screenshot you are showing, there is an "Invalid subscription" string which may warrant looking into.

Re: Threat Emulation blade not communicating

Hi,

All other blades like Antivirus, Antibot, URL Filtering are working fine so I don't think its issue with DNS or Proxy or connectivity.

0 Kudos
Vladimir
Pearl

Re: Threat Emulation blade not communicating

I wonder if there is a Check Point portal where the state of cloud services could be looked-up...

0 Kudos
Employee+
Employee+

Re: Threat Emulation blade not communicating

Hi Vladimir, here you are:

Check Point Services Status 

It seems today there is not any issue.

0 Kudos
Vladimir
Pearl

Re: Threat Emulation blade not communicating

Thank you!

0 Kudos
Vladimir
Pearl

Re: Threat Emulation blade not communicating

Have you looked into the service contracts attached to that GW to see if the "Invalid subscription" has any merit?

0 Kudos
Admin
Admin

Re: Threat Emulation blade not communicating

I'd start here: How to verify that Security Gateway and/or Security Management Server can access Check Point servers... 

If it's a lack of subscription issue (which your screenshot suggests), that's a different issue.

Employee++
Employee++

Re: Threat Emulation blade not communicating

On the gateways command line this also shows you your TE subscription quota status:

# tecli show cloud quota

and

# cpstat threat-emulation -f contract

Regards Thomas

0 Kudos
Highlighted

Re: Threat Emulation blade not communicating

I have this exact issue as well, only one of my Cluster XL members is showing this status, the URLs are reachable and the primary member is happily connected, only one of my FWs is showing this error and I have not yet been able to diagnose why...

0 Kudos
Vladimir
Pearl

Re: Threat Emulation blade not communicating

Gaurav,

Is your gateway with the problem a standby member of the cluster or is a standalone unit?

0 Kudos

Re: Threat Emulation blade not communicating

Standby member of a ClusterXL

0 Kudos

Re: Threat Emulation blade not communicating

Hi Mason

We had the same or maybe similar issue, which was resolved by following all the steps in sk43807.

Re: Threat Emulation blade not communicating

Hi,

Issue is resolved automatically, Without doing any changes on configuration side.

May be some issue at Checkpoint Side or may some local issue.

0 Kudos

Re: Threat Emulation blade not communicating

Hi Vladimir,

Gateway which is having problem is standby unit of cluster.

0 Kudos
Vladimir
Pearl

Re: Threat Emulation blade not communicating

In this case, I'd suggest opening a ticket with TAC and referencing this thread in it, as yours and Mason's issues seem to be the same, which leads me to believe that this may be a bug.

Should you do that, please keep this thread updated to let us know how and when the issue is resolved.

Thank you.

Re: Threat Emulation blade not communicating

Install a policy with the following 

source : firewall-a,b,cluster (internal ips only)

dest: any

service : 80/443/53 domain udp 

then retest the connection with the blade 

your don’t have to do natting if the firewall already has external IP address 

let me know

cheers 

0 Kudos