This website uses Cookies. Click Accept to agree to our website's cookie use as described in our Privacy Policy. Click Preferences to customize your cookie settings.
Accept
Reject
Preferences
ABOUT CHECKMATES CYBER SECURITY COMMUNITY & FAQ
Create a Post
Help
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

Are you a member of CheckMates?

×
Sign in with your Check Point UserCenter/PartnerMap account to access more great content and get a chance to win some Apple AirPods! If you don't have an account, create one now for free!
Luis_Miguel_Mig
Advisor
‎2021-04-30 09:09 AM

smartevent error

Hi,
the smartevent client blade  r80.40 take 102 gives the following error a couple of times per day. What does it mean? 

I have tested it in my datacenter and in the cloud with and without proxy and I see the same errors. I guess that anyone using smartevent may be getting this error.

The analysis of a network capture matching this error shows a connection to https://updates.checkpoint.com,
updates.checkpoint.com sends application data after it has received the FIN from the SMS and it has actually replied with the FIN/ACK.
When the app data packet get to the SMS, the SMS replies with a TCP RST as expected


Time: 2021-04-30T10:14:52Z
Id: 0a470b47-2f94-770a-608b-d89c00040001
Sequencenum: 2
Description: Reports Update Web updates
Reason: Server replied with no results.
Severity: Medium
Status: Failed
Version: R80.40
Failure Impact: Reports Update Web updates failed
Update Service: 1
Type: Control
Blade: SmartEvent Client
Origin: fm
Product Family: Network
Marker: @A@@B@1619737200@C@24136
Log Server Origin: ip1
Orig Log Server Ip: ip1
Index Time: 2021-04-30T10:15:14Z
Lastupdatetime: 1619777692000
Lastupdateseqnum: 2
Rounded Sent Bytes: 0
Confidence Level: N/A
Rounded Bytes: 0
Stored: true
Rounded Received Bytes:0
Description:

 

 

2 Replies
Miri_Ofir
Employee
Employee
‎2021-05-02 01:16 AM

Hi Luis

We are not aware of an issue with this version in regards to connectivity to Check Point updates site.

You can follow sk83520 to check connectivity.

If you cannot identify an issue in your datacenter, I advise to work with Check Point Support to get help on that.

Regards,

Miri Ofir

Luis_Miguel_Mig
Advisor
‎2021-05-04 01:57 AM
In response to Miri_Ofir

The connectivity with updates.checkpoint.com is okay, but something is wrong at the app level.
My guess is that it happens in any R80.40 for any  customer in any environment.

curl_cli --cacert $CPDIR/conf/ca-bundle.crt --proxy proxy_ip:port -v -k https://updates.checkpoint.com/
* Trying proxy_ip...
* TCP_NODELAY set
* Connected to proxy_ip (proxy_ip) port (#0)
* allocate connect buffer!
* Establish HTTP proxy tunnel to updates.checkpoint.com:443
< HTTP/1.1 200 Connection established
<
* Proxy replied 200 to CONNECT request
* CONNECT phase completed!
* ALPN, offering http/1.1
* successfully set certificate verify locations:
* CAfile: /opt/CPshrd-R80.40/conf/ca-bundle.crt
CApath: none
* *** Current date is: Tue May 4 09:52:02 2021
* TLSv1.3 (OUT), TLS handshake, Client hello (1):
* err is -1, detail is 2
* CONNECT phase completed!
* CONNECT phase completed!
* *** Current date is: Tue May 4 09:52:02 2021
* TLSv1.3 (IN), TLS handshake, Server hello (2):
* TLSv1.3 (IN), TLS handshake, [no content] (0):
* TLSv1.3 (IN), TLS handshake, Encrypted Extensions (8):
* TLSv1.3 (IN), TLS handshake, [no content] (0):
* TLSv1.3 (IN), TLS handshake, Certificate (11):
* TLSv1.3 (IN), TLS handshake, [no content] (0):
* TLSv1.3 (IN), TLS handshake, CERT verify (15):
* TLSv1.3 (IN), TLS handshake, [no content] (0):
* TLSv1.3 (IN), TLS handshake, Finished (20):
* TLSv1.3 (OUT), TLS change cipher, Change cipher spec (1):
* TLSv1.3 (OUT), TLS handshake, [no content] (0):
* TLSv1.3 (OUT), TLS handshake, Finished (20):
* SSL connection using TLSv1.3 / TLS_AES_256_GCM_SHA384
* ALPN, server accepted to use http/1.1
* servercert: Activated
* servercert: CRL validation was disabled
* Server certificate:
* subject: CN=*.checkpoint.com
* start date: Dec 2 14:59:44 2020 GMT
* expire date: Jan 3 14:59:44 2022 GMT
* issuer: C=BE; O=GlobalSign nv-sa; CN=GlobalSign GCC R3 DV TLS CA 2020
* SSL certificate verify ok.
* servercert: Finished
* TLSv1.3 (OUT), TLS app data, [no content] (0):
* TLSv1.3 (IN), TLS handshake, [no content] (0):
* TLSv1.3 (IN), TLS handshake, Newsession Ticket (4):
* TLSv1.3 (IN), TLS handshake, [no content] (0):
* TLSv1.3 (IN), TLS handshake, Newsession Ticket (4):
* TLSv1.3 (IN), TLS app data, [no content] (0):
< HTTP/1.1 404 Not Found
< Content-Type: text/plain; charset=utf-8
< Content-Length: 15
< Server: awselb/2.0
< Date: Tue, 04 May 2021 08:52:02 GMT
< Connection: keep-alive
<
* Connection #0 to host proxy_ip left intact
Page not found!

0 Kudos

Leaderboard

Epsum factorial non deposit quid pro quo hic escorol.

View All ≫
Upcoming Events

    Sort by:
    CheckMates Events