- Products
- Learn
- Local User Groups
- Partners
- More
Access Control and Threat Prevention Best Practices
5 November @ 5pm CET / 11am ET
Ask Check Point Threat Intelligence Anything!
October 28th, 9am ET / 3pm CET
Check Point Named Leader
2025 Gartner® Magic Quadrant™ for Hybrid Mesh Firewall
HTTPS Inspection
Help us to understand your needs better
CheckMates Go:
Spark Management Portal and More!
Hello,
Any help and feedback is much appreciated. I will start by saying that I do have a Checkpoint TAC case open for this but I'm looking into any avenue to get this resolved as quickly as possible.
Environment:
Management server is a VmWare virtual machine.
Manages about 11 Security Gateways along with Policies for FW, URL, APP, HTTPS INSPECTION, THREAT PREVENTION.
Upgrade performed from R77.30 to R80.10 in July 2017.
- Export was taken and imported into R80.10 along with all of the tools to verify pre-upgrade.
- Export was Imported into new VM with R80.10 Build 421 Jumbo Hotfix Take 15
- SmartConsole indicated some validation errors for some objects, but did not hinder operations i.e. policy installations, object creations no issue.
Issues begin:
Fast forward to 1st week of Oct 2017. The host ESX server the VM runs on was having maintenance performed during a change window. Normally services are gracefully shutdown on this VM, but not in this instance.
The Day after:
SmartConsole Login: Unable to connect to server
Debugs/Troubleshooting:
[Expert@MGTSERVER:0]# fw debug fwm on
  Cannot signal process fwm (9388), make sure the process is running.: No such process
 
 Check status of CPM process:
 [Expert@MGTSERVER:0]# $MDS_FWDIR/scripts/cpm_status.sh
 Check Point Security Management Server is during initialization
 
 Check to see if server is up and ready to receive connections:
 [Expert@MGTSERVER:0]# $MDS_FWDIR/scripts/server_status.sh
 Checking server status. Please wait...
 13:05:52,326 INFO com.checkpoint.management.cpm.Cpm.enableLocalSic:15 [main] - Enabling local sic. Setting cp.ssl_local.certificate.check=local
 Failed to check status, cpm server is probably down 
fw debug fwm on                                                        cd $MDS_FWDIR/scripts
 ]0;admin@MGTSERVER:/opt/CPsuite-R80/fw1/scripts [Expert@MGTSERVER:0]# ./cpm_debug.sh -t Login webservices crud Solr -s DEBUG
16:07:52,259 INFO com.checkpoint.management.cpm.Cpm.enableLocalSic:15 [main] - Enabling local sic. Setting cp.ssl_local.certificate.check=local
 ]0;admin@MGTSERVER:/opt/CPsuite-R80/fw1/scripts [Expert@MGTSERVER:0]# tail $MDS_FWDIR/conf/tdlog.cpm
#TOPIC-DEBUG:login:SEVERITY:DEBUG
log4j.logger.com.checkpoint.management.dleserver.coresvc.internal.LoginSvcImpl=DEBUG
#TOPIC-DEBUG:webservices:SEVERITY:DEBUG
log4j.logger.com.checkpoint.management.web_services.internal=DEBUG
#TOPIC-DEBUG:crud:SEVERITY:DEBUG
log4j.logger.com.checkpoint.management.web_services.dleserver.internal.ObjectCrudRemoteSvcImpl=DEBUG
log4j.logger.com.checkpoint.management.dleserver.coresvc.internal.ObjectCrudSvcImpl=DEBUG
#TOPIC-DEBUG:solr:SEVERITY:DEBUG
log4j.logger.com.checkpoint.management.object_store.fts=DEBUG
 ]0;admin@MGTSERVER:/opt/CPsuite-R80/fw1/scripts [Expert@MGTSERVER:0]# $MDS_FWDIR/conf/tdlog.cpm                                                                                            ./cpm_debug.sh -t Login webservices crud Solr -s DEBUG               INFO
16:09:39,426 INFO com.checkpoint.management.cpm.Cpm.enableLocalSic:15 [main] - Enabling local sic. Setting cp.ssl_local.certificate.check=local
 ]0;admin@MGTSERVER:/opt/CPsuite-R80/fw1/scripts [Expert@MGTSERVER:0]# 
 ]0;admin@MGTSERVER:/opt/CPsuite-R80/fw1/scripts [Expert@MGTSERVER:0]# 
 ]0;admin@MGTSERVER:/opt/CPsuite-R80/fw1/scripts [Expert@MGTSERVER:0]# ./cpm_debug.sh -t Login webservices crud Solr -s INFO [Expert@MGTSERVER:0]#  [23Ptail $MDS_FWDIR/conf/tdlog.cpm
#TOPIC-DEBUG:login:SEVERITY:INFO
log4j.logger.com.checkpoint.management.dleserver.coresvc.internal.LoginSvcImpl=INFO
#TOPIC-DEBUG:webservices:SEVERITY:INFO
log4j.logger.com.checkpoint.management.web_services.internal=INFO
#TOPIC-DEBUG:crud:SEVERITY:INFO
log4j.logger.com.checkpoint.management.web_services.dleserver.internal.ObjectCrudRemoteSvcImpl=INFO
log4j.logger.com.checkpoint.management.dleserver.coresvc.internal.ObjectCrudSvcImpl=INFO
#TOPIC-DEBUG:solr:SEVERITY:INFO
log4j.logger.com.checkpoint.management.object_store.fts=INFO
 ]0;admin@MGTSERVER:/opt/CPsuite-R80/fw1/scripts [Expert@MGTSERVER:0]# 
 ]0;admin@MGTSERVER:/opt/CPsuite-R80/fw1/scripts [Expert@MGTSERVER:0]# 
 ]0;admin@MGTSERVER:/opt/CPsuite-R80/fw1/scripts [Expert@MGTSERVER:0]# 
 ]0;admin@MGTSERVER:/opt/CPsuite-R80/fw1/scripts [Expert@MGTSERVER:0]# 
 ]0;admin@MGTSERVER:/opt/CPsuite-R80/fw1/scripts [Expert@MGTSERVER:0]# fw debug fwm on TDERROR_ALL_ALL=5
 Cannot signal process fwm (3980), make sure the process is running.: No such process
 ]0;admin@MGTSERVER:/opt/CPsuite-R80/fw1/scripts [Expert@MGTSERVER:0]# fw debug fwm on TDERROR_DBG_OPT=time,host,prog,topic,pid,ti d
 Cannot signal process fwm (3980), make sure the process is running.: No such process
 ]0;admin@MGTSERVER:/opt/CPsuite-R80/fw1/scripts [Expert@MGTSERVER:0]# tail                          cpinfo
I'm Rebuilding, disaster recovery mindset:
- Shutdown corrupted System
- Deployment New VM with R80.10 Build 421 Take 15.
- Initial configuration wizard Gaia config done with orginal IP and Hostname
- Copied Several Backups from before the Host Maintenance
-Check proceses that failed on the original VM (clean build without imports) proceses are OK
-Login with SmartConsole
- Loads with no issue (albeit its a blank console with nothing but defaults)
- Login to Gaia Web UI and import the backups to the repository
-Perform Restore of most current backup
- Restore succeeds, system reboots
- BACK TO SQUARE 1 (original issue is now replicated on the New VM, by the way if its not obvious, this was not the goal!)
Note at this point: A case from the past which has not yet been resolved seems to be related to what we are experiencing now. We had a case open with CP regarding the validation errors from when we first migrated over to R80.10. They asked for a migrate export so they could determine why. They(i'm not sure what tier of engineering support was working on this) informed us that they were unable to recreate within their environment with the exports provided. It lights the bulb and rings the bell now, but at the time operations were not affected because of it. It was 3 little warnings saying a certain object (which was no longer used in the policy) was causing a validation error.
I have some questions/facts, Panic Mode:
- Right now the gateways are logging locally , what happens if they run out of log space? (crashing gateways, or just overwrites in existing logs)
- I have backups created from the webui->system backups (there are NO snapshots in either the MGTSERVER or VMWARE)
- I have the pre R80 upgrade, migrate export
- I have gateways which have the latest policy installed.....
Worst Case if I'm SOL:
Is there any way to extract either the objects / rulebase from any of the above resources and import into a blank or clean install of the Management Server?
Thanks,
Syed
Fyi something noteworthy would be that /var/log is mapped to a LUN on the SAN. Its never been a problem, but /var/log is a 3TB volume where all of our gateways centrally log to. It has been attached to the new vm after the restore process was completed. I just wanted to point out that it is a piece in the sequence of reconfiguration when the new VM was brought online.
Please read this entire post and its warnings before taking any action.
Hmm I've seen something like this before, although not specifically in R80.10. The fwm and cpm processes not getting off the ground is a major clue. In R77.30 and earlier, on several occasions over the years I observed fwm bombing out on initialization because it could not find a valid certificate for the SMS and therefore itself. Because it did not have a valid certificate to present, it would never allow GUI connections and would never start. The debugs you provided seem to point towards a SMS SIC issue which tracks with what I've seen before.
The solution was to either generate a new SMS certificate or to simply reinitialize the entire ICA completely from cpconfig which would generate a new SMS certificate. HOWEVER while it would allow access back into the SmartDashboard, it would immediately break SIC with all managed gateways, and could also cause a delayed or immediate failure of any Intranet site to site VPNs using certificates (due to CRL retrieval problems) if configured between the managed gateways. SIC can be reset without causing an outage on the gateways with the steps in sk86521, and you can check the current state of the SMS certificate with the steps in sk62873. Did the clock get screwed up on the SMS? Any chance it thinks the SMS certificate is expired?
I'd strongly suggest proceeding under the guidance of Check Point support with these topics in mind before doing anything, messing around with the ICA and certificates (which is where I think your problem lies) can rapidly put you in a production-impacting catch-22 that will be very difficult to escape from. Don't ask me how I know all this...
--
 My book "Max Power: Check Point Firewall Performance Optimization" 
 now available via http://maxpowerfirewalls.com.
Thank you for the insight Tim. I have never encountered anything of this nature. I will get with support regarding this information.
After contacting support I could:
-Bring up the VM in an isolated environment (which cannot communicate with any gateways in the production environment) with a win7 vm and smartconsole installed.
- Generate a new SMS certificate or to simply reinitialize the entire ICA completely from cpconfig as suggested within this isolated environment
This would allow me to at least verify that Management server and its services are online after the SMS cerrtificate is generated and validate that the objects/policy are intact.
Your thoughts regarding recreating in an isolated environment ?
Syed
TAC has been involved, its been a long day!
Notes from the case thus far:
The test VM loaded with system backup failed due to 2 cp_mgmt certificate, which is ongoing issue and has been addressed by R&D on TASK 73819
We proceed VM snapshot and tried to reset the SIC on test VM based on sk114236 
 
 However, this step did not improve the situation anyhow. It no longer complain on SICname, but with another database expection "No ObjectStoreSession found" @Transcational
 
 At this moment, the CPM is still down. 
Syed 8:45 P.M. 10/8/2017
Still waiting on R&D to get back, but internal efforts have led to some progress... (2 steps forward 1 step back)
Quoting our update to Checkpoint support from a Valued Partner that has been working with us while we wait for Checkpoint Support to get back:
"This evening we performed the following restoration activities and report several observations here.
An isolated vmware test environment was established. A new R80.10 management server was installed and the R77.30 upgrade_export files from July 2017 were imported. This restored the environment to a known good state. Access to the management server was confirmed via ssh, webui and Smart Dashboard. We then removed two NAT rules associated with Dummy Management Server (a secondary management object with an external IP) and deleted that object.
The R80.10 management environment appeared to function fine in the isolated environment. We then moved the management server from test to prod. Once we did that access from the Smart Dashboard failed with a certificate revoked error. The error was observed on the Smart Dashboard login screen. cpca_client lscert -stat shows no valid management certificates.
Moving the R80.10 management server back to the test restored access from Smart Dashboard. The management server is now in test and functional for further troubleshooting (isolated from all gateways)."
Syed 1:15 A.M. 10/9/2017
Thanks for the update. Sounds like there are issues with the ICA and/or SMS certificate as I suspected. It tends to be rather difficult to simply make a few edits to fix certificate issues like this, as certificates by their very nature are highly resistant to any kind of "tampering". There is probably no way to avoid either regenerating a new certificate for the SMS itself, or even brutally resetting the ICA if you want to keep your current config and not restore a backup. Either action will break SIC with all managed gateways.
Hopefully I'm wrong, please let us know how it goes.
--
 My book "Max Power: Check Point Firewall Performance Optimization" 
 now available via http://maxpowerfirewalls.com.
I will reply with an update, we did reach a resolution.
Sent from VMware Boxer
Thanks for the direction TIm. I pointed this out early in the call with support and referenced them to this posting. I ended up spinning a new VM in an ISOLATED environment. I also had another vm created that would have smartconsole, putty, WinSCP and tools that I deemed necessary such as iso's for the clean install jumbo hotfix that we were on and our latest backup files. This made it easy for me to transfer back and forth within the isolated environment.
Long story short, it was SIC related. I will provide a more detailed briefing to follow. The bottom line is, we carried over a dummy object that was used for one of our externally managed gateways. This dummy object was created and an entry was created via GUIdbEdit to match this dummy object SIC name to the actual MGT Server SIC Name. The R&D team took the backups and exports we had and were able to replicate the issue in their environment. They ended up performing a series of cleanups by modifying the postgres DB to remove these entries for a duplicate SIC name for "cp_mgmt". Once this was cleaned up and services were verified to be running:
netstat -anp | grep fwm (should show established/listening, and not closed)
$FWDIR/scripts/cpm_status.sh (should show up and ready, previously stuck at initializing)
$FWDIR/scripts/server_status.sh(should also show server is ready for connections)
$FWDIR/log/cpm.elg was tailed during initialization to review for errors which the team then used to determine the underlying issue. I will post more detailed information soon.
Syed 10/10/17 2:30 P.M.
Great, thanks for the update. 90% of effective troubleshooting is knowing the right place to look, so I'm glad I was able to assist with that part at least. 🙂
--
 My book "Max Power: Check Point Firewall Performance Optimization" 
 now available via http://maxpowerfirewalls.com.
Syed, this post has just saved my bacon or, at the very least, bunch of time:)
I've run the Take_56 update on my lab SMS and lost communication with it in spite of process reportedly completing successfully, according to CPUSE.
Interestingly enough, $FWDIR/scripts/server_status.sh seem to prod the server into responding with no further troubleshooting required. It took a while to return:
[Expert@SMS8010:0]# $FWDIR/scripts/server_status.sh
Checking server status. Please wait...
14:58:10,313 INFO com.checkpoint.management.cpm.Cpm.enableLocalSic:15 [main] - Enabling local sic. Setting cp.ssl_local.certificate.check=local
Server is up and ready to receive connections
[Expert@SMS8010:0]#
But after that, no issues connecting from SmartConsole.
Thank you!
I'm glad the efforts that we took were able to assist you in your troubleshooting. Thanks for the feedback!
Hello, @Timothy_Hall 
I have an MDS version R81.20 with JHF Take 98.
Every so often, the MDS starts to malfunction and does not allow us to connect via SmartConsole.
The error is the well-known “Unable to connect to server.”
The only way to recover the connection is to “restart” the MDS.
Is there any way to identify why this happens from time to time?
Does access via SmartConsole depend on available hardware resources such as CPU/Disk/RAM?
Thank you for your comments.
You should involve Check Point TAC to investigate this issue.
Yes, the hardware specifications do matter. It’s possible that the management processes (such as CPM and FWM) are not able to handle the requests.
Could you please share the machine specifications?
For R81.20 here are the minimal hardware requirements for Open Server:
https://sc1.checkpoint.com/documents/R81.20/WebAdminGuides/EN/CP_R81.20_RN/Content/Topics-RN/Open-Se...
cpm and fwm are the key processes the SmartConsole communicates with; if they have resource or stability problems you will experience SmartConsole access problems. First run cpwd_admin list from expert mode on the MDS to see if the watchdog is continually having to restart either of these processes or any other ones (i.e. #START>1).
The next step is to check if anything interesting is being logged into $FWDIR/log/cpm.elg or $FWDIR/log/fwm.elg when the issue occurs indicating a problem.
Finally, do you have any third-party products heavily accessing your Check Point management environment via the API? (Tufin, etc.) I've seen several cases where these products become overly aggressive via the API, significantly impacting SmartConsole access. If the problem recurs might be interesting to run api off and see if it clears the problem.
Hi
I do not have any third party products trying to connect to MDS.
These files:
$FWDIR/log/cpm.elg or $FWDIR/log/fwm.elg
Are these files to be collected to send to TAC? Or you can ‘try to read’ them yourself from the CLI?
Is it useful to read them with the ‘cat’ when the problem is occurring?
Thanks
TAC would also need to now the hardware specifications (as I wrote previously).
They will probably ask you for a CPinfo file that includes all the relevant data.
fwm.elg is a text file (all .elg files are, as I recall).
It may or may not tell you what is going on.
It will, as @Tal_Paz-Fridman be captured as part of a cpinfo.
We have upgraded our MDS farm to Take 111 to address some specific MDS issues. Jumbo Take 98 is not one I recommend on MDS machines. We had a serious amount of issues with it on MDS machines. Take 99 was much better.
MDS reources is a serious thing to considere. I tend to use top a lot to get a feel for things. If the system averages over 50% CPU load then you may want to considere more CPU cores. A generous amount of Memory helps a lot. As any spare memory is used for buffering saving a lot on Disk IO latency issues.
On vmware make sure you read up on https://support.checkpoint.com/results/sk/sk104848 as that disk issue has a significant impact on the system if you don't care of it. So far we had no need to tweak with the number of IO request but 3 policy installatons at the same time has been our maximum on a MDS machine with 15 domains. With an increase in domains and more administrators that may change in the future.
I am also having the same issue on my test environment and I have run out of SK to make this work.
Hello
Can someone please share any further feedback regarding this issue. I have my lab setup with SMS server and 2 Gateway cluster.I was prompted to for updates (R80.10 Jumbo Hotfix Accumulator General Availability Take 56). The reason i was tempted for update was my ssh connection to gateway was allowed and can see accepted in logs but was not able to establish ssh / Web UI.
Reading some of the Check Point articles, I was tempted to do download and install update on SMS and 2 member gateway clusters. After the update, I am getting message "Unable to connect to server" on SmartConsole.
Output of $MDS_FWDIR/scripts/server_status.sh shows "failed to check status, cpm server is probably down"
output of $MDS_FWDIR/scripts/cpm_status.sh shows Check Point Security Management Server is not running.
From the previous comments, i understand it SIC related issue. So i tried to run cpconfig on SMS with option 3 for GUI clients, but getting message "failed to connect to database"
I tried cpconfig on gateway cluster member with option 5 (re initialize communication) along with cpstop and cpstart but still cannot connect to smart console.
I also checked Unable to Connect to Server and noticed comment "Allow traffic on this port 19009 - for all clients and management servers.Though i am not sure how to check if 19009 is already allowed as i have lost my smartconsole
connection..
I cannot check GUI Clients from Web UI as i get message "Management server cannot be reached. Check you management configuration and try again.
Here is some more information to see if someone can assist. i have sent Support team email to see if they can assist.
Tried re setting SIC from SMS but no luck
xpert@A-SMS:0]# fwm sic_reset
***************** Warning: ****************
This operation will reset the Secure Internal Communication (SIC).
The internal Certificate Authority will be destroyed and ALL remote Check Point                                                                                         Components,
including VPN and Endpoint clients, will not be able to communicate.
In case of Endpoint & VPN clients, this action is not REVERSIBLE which means tha                                                                                        t clients
will lose connection with the Server and the only way to re-establish it can be                                                                                         done by
re-issuing all certificates (for VPN) or by the re-connect tool for Endpoint cli                                                                                        ents.
Server communication can be re-established if the following operations are imple                                                                                        mented:
1. Re-initialize the Internal Certificate Authority (use cpconfig).
2. Restart Check Point Services (cpstart, cpridstart).
3. Reset SIC on each Station that is managed by this Security Management Server.
4. Re-establish Trust with each Station that is managed by
   this Security Management Server.
*******************************************
This operation will stop all Check Point Services (cpstop)
Are you sure you want to reset? (y/n) [n] ? y
*** Checking IKE Certificates ***
 Failed to connect to NGM server
=================================================================
A-SMS> cpconfig
This program will let you re-configure
your Check Point Security Management Server configuration.
Configuration Options:
----------------------
(1)  Licenses and contracts
(2)  Administrator
(3)  GUI Clients
(4)  SNMP Extension
(5)  Random Pool
(6)  Certificate Authority
(7)  Certificate's Fingerprint
(8)  Automatic start of Check Point Products
(9) Exit
Enter your choice (1-9) :3
Configuring GUI Clients...
==========================
GUI Clients are trusted hosts from which
Administrators are allowed to log on to this Security Management Server.
Failed to connect to database
===================================================
A-SMS> show installer packages
**  ************************************************************************* **
**              Connection error. Packages list might be incomplete           **
**  ************************************************************************* **
**  ************************************************************************* **
**                                 Hotfixes                                   **
**  ************************************************************************* **
Display name                                      Status
R80.10 Jumbo Hotfix Accumulator General
    Availability (Take 56)                        Installed
HOTFIX_R80_10                                     Installed (Legacy)
**  ************************************************************************* **
**                                   HFAs                                     **
**  ************************************************************************* **
Display name                                      Status
Check Point CPinfo build 182 for R80 and
    R80.10                                        Installed
R80.10 SmartConsole Build 024                     Installed
----------------------------------
Further more, from SMS,if i try to ping A gateway cluster member, i get reply destination host unreachable. if i try to ping A gateway 02, i get 100 % packet loss. However from A Gateway 01 and A Gateway 02, i can ping to SMS
From WebUI, i can bring up SMS 10.1.1.101. When i try to bring up A gateway 01, 10.1.1.1, i get message , site cannot be reached. if i try getting A gateway 02, 10.1.1.2, i see A-GW-01 (though i would normally say A-GW-02
I have issued fw unloadlocal to unistall policy to see if SIC get established.
Can someone please help?#
Masood,
Forget about gateways, your goal is to be able to get the SMS going.
If you are getting this:
$MDS_FWDIR/scripts/cpm_status.sh shows Check Point Security Management Server is not running.
It is indicative of exactly what it says: i.e. management server is not running, so there is nothing the Secure Internal Communication can help you with until it does.
If this is a lab environment and you have not yet invested too much time in configuring it, I'd suggest re-installing management server from scratch using ISO on sufficiently large virtual hard drive, so that there will be ample space to download and install HFAs, as well as allow for logging, backups and, possibly, snapshots.
During installation, you'll be prompted to specify SIC, write it down.
Once it is reinstalled, reset SIC on Gateways only using CLI.
Verify that your SmartConsole is the same or compatible version with the HFA of the SMS.
Connect to it, you should have no issues doing that at this point, you'll be prompted with new fingerprint, accept it.
Define new gateway objects specifying Open Server, Gaia and R80.10.
Establish SIC with them here:

Click "OK" to get out of "Trusted Communication" window and proceed to configure Networking executing "Get Interfaces with Topology".
Continue with cluster configuration.
Hi Vladimir ,
Thanks for your reply. Yes this is lab environment. I had bit of discussion with someone about this issue and I was asked to rebuild SMS. I will see if i can get cop of my SMS (which i guess i copied before installing policies etc). My understanding is if get original copy of SMS, i should not change name of my SMS otherwise i might have issue with SIC communication. My understanding is once SIC is established, it communicates with Gateway on the basis of name not on the basis of IP Address.
No,IP is important. Look-up the SK describing implication of changing it or the hostname on SMS.
How to renew SIC after changing IP Address of Security Management Server
How to change the IP Address of a Security Management
Also,what are you referring to when you are saying "copy of my SMS"?
Are you copying an existing VM and trying to make it work in the lab environment?
Hi,
I am hopping my SMS VM which I cloned before updating (R80.10 Jumbo Hotfix Accumulator General Availability Take 56) should work.
It should, but consider this:
If you are changing its IP, your license will stop working.
If you were using Centralized Licensing, and all of your gateway licenses were issued to the old IP of your SMS, those too will become unusable.
You cannot re-issue the licenses in the User Center to new IPs and maintain upgraded production environment running if you rely on any of the subscription blades.
So, if your goal is to fully emulate your production environment:
1. You'll have to obtain trial licenses for the lab implementation. You can request those from CP. I believe they will be able to provide you with at least one month or even more.
2. Change IPs as per SKs above.
Or: Place your lab environment behind static NAT using any number of solutions. I personally prefer VyOS, but you can use small Linux distros fro same purposes.
Alternatively, try adding second vNIC to your SMS and assigning it IP from different network. Leave the primary vNIC associated with the IP address to which license was issued on an isolated (Dead-End) port group (if using ESXi), or its analogues in Hyper-V.
If the prerequiste API is not running, the CPM service will not start. It will be in "initialization state"
Try the following steps: (Ver: R80.30)
Step 1
[Expert@cpfw-mds:0]# api status
API Settings:
---------------------
Accessibility: Require ip 127.0.0.1
Automatic Start: Enabled
Processes:
Name State PID More Information
-------------------------------------------------
API Stopped
CPM Starting 7434            Check Point Security Management Server is during initialization
FWM Started 10759
APACHE Started 4571
Port Details:
-------------------
JETTY Internal Port: 50276
APACHE Gaia Port: 443
Apache port retrieved from: httpd-ssl.conf
--------------------------------------------
Overall API Status: The API Server Is Not Running!
--------------------------------------------
Notes:
------------
To collect troubleshooting data, please run 'api status -s <comment>'
Step 2
[Expert@cpfw-mds:0]# mdsstop
Step 3
[Expert@cpfw-mds:0]# api start
2019-Nov-05 10:09:10 - Starting API...
. . . . . . . . . . . . . . . . . . . . . . . . . . . .
2019-Nov-05 10:11:38 - API started successfully.
Step 4
[Expert@cpfw-mds:0]# mdsstart
Optional
[Expert@cpfw-mds:0]# api status
API Settings:
---------------------
Accessibility: Require ip 127.0.0.1
Automatic Start: Enabled
Processes:
Name State PID More Information
-------------------------------------------------
API Started 73002
CPM Started 74142                      Check Point Security Management Server is running and ready
APACHE Started 4571
Port Details:
-------------------
JETTY Internal Port: 50277
APACHE Gaia Port: 443
--------------------------------------------
Overall API Status: Started
--------------------------------------------
API readiness test SUCCESSFUL. The server is up and ready to receive connections
Notes:
------------
To collect troubleshooting data, please run 'api status -s <comment>'
 
					
				
				
			
		
Leaderboard
Epsum factorial non deposit quid pro quo hic escorol.
| User | Count | 
|---|---|
| 21 | |
| 17 | |
| 7 | |
| 6 | |
| 4 | |
| 4 | |
| 3 | |
| 3 | |
| 2 | |
| 2 | 
Tue 28 Oct 2025 @ 11:00 AM (EDT)
Under the Hood: CloudGuard Network Security for Google Cloud Network Security Integration - OverviewTue 28 Oct 2025 @ 12:30 PM (EDT)
Check Point & AWS Virtual Immersion Day: Web App ProtectionTue 28 Oct 2025 @ 11:00 AM (EDT)
Under the Hood: CloudGuard Network Security for Google Cloud Network Security Integration - OverviewTue 28 Oct 2025 @ 12:30 PM (EDT)
Check Point & AWS Virtual Immersion Day: Web App ProtectionThu 30 Oct 2025 @ 03:00 PM (CET)
Cloud Security Under Siege: Critical Insights from the 2025 Security Landscape - EMEAThu 30 Oct 2025 @ 11:00 AM (EDT)
Tips and Tricks 2025 #15: Become a Threat Exposure Management Power User!About CheckMates
Learn Check Point
Advanced Learning
YOU DESERVE THE BEST SECURITY