Deepthi_Paul
Participant

Push notification for Checkpoint Capsule Workspace

We have implemented Checkpoint Mobile Capsule workspace solution to access some of our intranet web applications, mail, calendar, etc. However, the push notifications are not working, though the setting is enabled on the gateway and on the mobile devices as well. Any guesses why?

1 Solution

Accepted Solutions
Daniel_Dor
Employee Alumnus

Hi,

1. Install real license on the Mobile Access Blade (you can use the attached guide)
2. Open all the relevant communications as appear in the following table:

| Flow | Source | Destination | Ports & Services |
|---|---|---|---|
| Workspace User authentication | CWS Server | AD | TCP 389 or TCP 636 |
| Workspace EWS | CWS Server | EX | TCP 443 |
| Workspace Push Notifications | EX | CWS Server | TCP 443 |
| Workspace Push Notifications | CWS Server | PUSH (outside the internet) | TCP 443 (https://push.checkpoint.com) -> Also needs to do resolving; TCP 80 (http://SVRSecure-G3-crl.verisign.com/SVRSecureG3.crl & http://crl.verisign.com/pca3-g5.crl) |
| GW to send Mail | CWS Server | EX or SMTP server | SMTP 25 |
| Workspace admin | POC Admin Computer | CWS Server | TCP 18190, HTTPS 443, SSH 22 |
| Workspace admin | POC Admin Computer | AD | TCP 389 or TCP 636 (for first wizard) |
| Device to GW | Device | Check Point VM | TCP 443 |
| Workspace User authentication | CWS Server | All other ADs (including internal Office 365 DC) | |

3. If the steps above don't work, do the following:

1.1.   Validate that you enabled push notification on the server:

1.1.1.      Open GuiDBedit.

1.1.2.      Search for enable_push_notification.

1.1.3.      Change the value of enable_push_notification to "true" on each Mobile Access Gateway object that will send push notifications.

1.1.4.      Save.

1.1.5.      Open SmartDashboard.

1.1.6.      Open each Mobile Access Gateway object and click "OK".

1.1.7.      Install policy.

1.1.8.      You may need to un-install and re-install the Capsule Workspace App on the mobile device.

1.1.9.      Test to ensure that the push notifications are being received.

1.2.   Validate that you tried the following SKs:

1.2.1.      https://supportcenter.checkpoint.com/supportcenter/portal?eventSubmit_doGoviewsolutiondetails=&solut...

1.2.2.      https://supportcenter.checkpoint.com/supportcenter/portal?eventSubmit_doGoviewsolutiondetails=&solut...

1.3.   On the Exchange Server – Install a self-signed certificate on the Exchange Server -> SK98203

1.4.   On the Mobile Access Blade – In sk109039, please try to do the change under the following section: “(Optional) How and when to configure the callback URL to HTTPS instead of the default HTTP”.

1.5.   On the Mobile Access Blade – Please ask me for the PushReport script, and run it on the GW and send us the output.

1.5.1.      Copy PushTroubleshootingTool to /opt/CPcvpn-R77/bin/

1.5.2.      Give it executable permissions: chmod +x /opt/CPcvpn-R77/bin/PushTroubleshootingTool

1.5.3.      Copy PushReport to some directory on the GW

1.5.4.      Give it executable permissions: chmod +x PushReport

1.5.5.      Run PushReport

1.6.   Do the following:

  • Change the Callback URL in the GUI DB Edit to -> https://10.113.0.66/ExchangeRegistration -> try to send email -> try to see if you get the push -> If not, run the script we did yesterday to test the connectivity -> let me know what the results are
  • Change the Callback URL in the GUI DB Edit to -> http://10.113.0.66/ExchangeRegistration -> try to send email -> try to see if you get the push -> If not, run the script we did yesterday to test the connectivity -> let me know what the results are

1.7.   If all of the above things don’t work, please open a Service Request.


16 Replies
PhoneBoy
Admin
Deepthi_Paul
Participant

Push Notifications are not working on Capsule Workspace for Mobile Devices (IOS and Android)    

SK106960 refers to the add-on which needs to be installed on Security Mgmt which runs on 77.20 & 77.30. But in our case, it's R80.10. I couldn't find any SK which details the hotfix requirement on R80.10 for the mobile access blade.
0 Kudos
PhoneBoy
Admin

It may not be required on R80.10... however did you review sk120334 (linked above) to see if it applies to your situation? 

0 Kudos
Spectrumtech_MS
Explorer

Daniel,

Do you have any specific constructions regarding notifications not working with Exchange 2013?

Mail is flowing correctly but notifications are not sent to the client application (Capsule Workspace).

All tests above indicate correct connection, with the exception of the periodic test that claims the Exchange EWS service is not available (which it is).

0 Kudos
Deepthi_Paul
Participant

You may also check if the HTTP port (along with HTTPS) is allowed from the Exchange server to the Checkpoint Capsule gateway. We faced a similar issue for one of our customers where the HTTP communication was blocked in their internal server (from Exchange > Checkpoint Capsule Gateway). After allowing HTTP and re-installation of Capsule Workspace on the mobile, notifications started to work.

0 Kudos
Spectrumtech_MS
Explorer

Are you referring to allowing access to EWS via HTTP? The gateway and Exchange server sit on the same subset. The Exchange has a publicly issued cert, and the CA that issued it is configured as a trusted CA in the Checkpoint gateway. The Exchange_Registration parameter in the Checkpoint DB is configured to use HTTPS.

0 Kudos
Deepthi_Paul
Participant

Guys, thank you for your replies. After further checks we identified that the CWS gateway didn't have reachability towards https://push.checkpoint.com, which caused all the notifications to be on queue. After allowing the necessary access, the queue reduced and emptied, and notifications started to work fine.

Spectrumtech_MS
Explorer

Does anyone have some practical advice on how to resolve the issue of push notifications not working with MS Exchange 2013?

0 Kudos
Daniel_Dor
Employee Alumnus

Try to have the following rules opened:

| Flow | Source | Destination | Ports & Services |
|---|---|---|---|
| Workspace Push Notifications | CWS Server (StandAlone machine) | PUSH (outside the internet) | Customer needs to enable communication to: 1. TCP 443 (https://push.checkpoint.com); 2. TCP 80 (http://SVRSecure-G3-crl.verisign.com/SVRSecureG3.crl); 3. TCP 80 (http://crl.verisign.com/pca3-g5.crl); 4. http://crl.godaddy.com/gdig2s1-797.crl; 5. http://crl.entrust.net |

*This might get updated from time to time. See more info at: https://supportcenter.checkpoint.com/supportcenter/portal?eventSubmit_doGoviewsolutiondetails=&solut...


0 Kudos
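
The outbound "Workspace Push Notifications" flow listed above, and the cause reported earlier in the thread (the CWS gateway could not reach https://push.checkpoint.com), can be checked from the gateway's shell before changing anything else. This is an added example, not part of any post in the thread and not Check Point's PushReport tool; the function names are this example's own, and it assumes `bash` (for `/dev/tcp`), `timeout` and `getent` are available on the gateway.

```shell
#!/bin/bash
# Added example: classify each outbound push/CRL endpoint named in the thread
# as OK, DNS_FAIL (name does not resolve) or TCP_BLOCKED (resolves, no connect).

# Endpoints copied from the thread's flow table (push service plus CRL downloads).
ENDPOINTS="https://push.checkpoint.com
http://SVRSecure-G3-crl.verisign.com/SVRSecureG3.crl
http://crl.verisign.com/pca3-g5.crl
http://crl.godaddy.com/gdig2s1-797.crl
http://crl.entrust.net"

# Print "host port" for a URL; the port defaults from the scheme (https=443, http=80).
endpoint_of() {
  local url scheme rest hostport host port
  url="$1"
  scheme=${url%%://*}
  rest=${url#*://}
  hostport=${rest%%/*}
  host=${hostport%%:*}
  case $hostport in
    *:*) port=${hostport##*:} ;;
    *)   if [ "$scheme" = "https" ]; then port=443; else port=80; fi ;;
  esac
  echo "$host $port"
}

# The table notes the gateway "also needs to do resolving": test DNS separately.
resolves() { getent hosts "$1" >/dev/null 2>&1; }

# Plain TCP connect with a 5 second limit; no data is sent.
tcp_open() { timeout 5 bash -c "exec 3<>/dev/tcp/$1/$2" 2>/dev/null; }

# Report one endpoint, distinguishing a DNS failure from a blocked port.
check_url() {
  set -- $(endpoint_of "$1")
  resolves "$1" || { echo "DNS_FAIL $1 $2"; return 0; }
  tcp_open "$1" "$2" || { echo "TCP_BLOCKED $1 $2"; return 0; }
  echo "OK $1 $2"
}

# Report every endpoint in the list, one line each.
check_all() {
  local url
  for url in $ENDPOINTS; do check_url "$url"; done
}

# Only touch the network when asked to: ./pushcheck.sh --run
if [ "${1:-}" = "--run" ]; then check_all; fi
```

A `TCP_BLOCKED` or `DNS_FAIL` line for push.checkpoint.com matches the situation described in the thread where notifications stayed queued until outbound access was allowed.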
ShemHunter
Explorer

What is the purpose of these four URL addresses (especially the CRL ones)?

0 Kudos
Spectrumtech_MS
Explorer

All in place and verified 

push notifications are still not working 

0 Kudos
Daniel_Dor
Employee Alumnus

Hi,

Did you run the PushReport script? What does it say?

D

0 Kudos
Spectrumtech_MS
Explorer

I didn't have the script,

can you please provide it?

0 Kudos
Daniel_Dor
Employee Alumnus

Send me your email to danieldor@checkpoint.com, I will assist ☺

D

Kovan78
Explorer

Hi Daniel,

Please could you provide me the push report? I have sent you an email.

Thanks,

Kovan

0 Kudos
