Create a Post
cancel
Showing results for 
Search instead for 
Did you mean: 
Gaurav_Pandya
Advisor

Threat Emulation blade not communicating

Hi,

In one of the firewall, We are getting error "Error : Communication error - Could not connect to cloud" on Smart vie monitor for Threat Emulation blade.

Did cpstop/cpstart and reboot the gateway but still the same issue. When checked details, it is showing as below.

What could be the issue?

16 Replies
Vladimir
Champion
Champion

Good place to start would be to check DNS and gateway settings on that unit and follow the "Error: Could not connect to the Check Point Cloud. Check your connection settings (Proxy, DNS and g... 

Plus, in the screenshot you are showing, there is an "Invalid subscription" string which may warrant looking into.

Gaurav_Pandya
Advisor

Hi,

All other blades like Antivirus, Antibot, URL Filtering are working fine so I don't think its issue with DNS or Proxy or connectivity.

0 Kudos
Vladimir
Champion
Champion

I wonder if there is a Check Point portal where the state of cloud services could be looked-up...

0 Kudos
Jesús_Toledano
Contributor

Hi Vladimir, here you are:

Check Point Services Status 

It seems today there is not any issue.

Vladimir
Champion
Champion

Thank you!

0 Kudos
Vladimir
Champion
Champion

Have you looked into the service contracts attached to that GW to see if the "Invalid subscription" has any merit?

0 Kudos
PhoneBoy
Admin
Admin

I'd start here: How to verify that Security Gateway and/or Security Management Server can access Check Point servers... 

If it's a lack of subscription issue (which your screenshot suggests), that's a different issue.

Thomas_Werner
Employee Alumnus
Employee Alumnus

On the gateways command line this also shows you your TE subscription quota status:

# tecli show cloud quota

and

# cpstat threat-emulation -f contract

Regards Thomas

0 Kudos
Mason_Bourdeau
Participant

I have this exact issue as well, only one of my Cluster XL members is showing this status, the URLs are reachable and the primary member is happily connected, only one of my FWs is showing this error and I have not yet been able to diagnose why...

0 Kudos
Vladimir
Champion
Champion

Gaurav,

Is your gateway with the problem a standby member of the cluster or is a standalone unit?

0 Kudos
Mason_Bourdeau
Participant

Standby member of a ClusterXL

0 Kudos
Gennady_Persini
Explorer

Hi Mason

We had the same or maybe similar issue, which was resolved by following all the steps in sk43807.

Gaurav_Pandya
Advisor

Hi,

Issue is resolved automatically, Without doing any changes on configuration side.

May be some issue at Checkpoint Side or may some local issue.

0 Kudos
Gaurav_Pandya
Advisor

Hi Vladimir,

Gateway which is having problem is standby unit of cluster.

0 Kudos
Vladimir
Champion
Champion

In this case, I'd suggest opening a ticket with TAC and referencing this thread in it, as yours and Mason's issues seem to be the same, which leads me to believe that this may be a bug.

Should you do that, please keep this thread updated to let us know how and when the issue is resolved.

Thank you.

Ali_Mukhtar
Explorer

Install a policy with the following 

source : firewall-a,b,cluster (internal ips only)

dest: any

service : 80/443/53 domain udp 

then retest the connection with the blade 

your don’t have to do natting if the firewall already has external IP address 

let me know

cheers 

0 Kudos
(1)

Leaderboard

Epsum factorial non deposit quid pro quo hic escorol.

Upcoming Events

    CheckMates Events