- Products
- Learn
- Local User Groups
- Partners
- More
Access Control and Threat Prevention Best Practices
5 November @ 5pm CET / 11am ET
Ask Check Point Threat Intelligence Anything!
October 28th, 9am ET / 3pm CET
Check Point Named Leader
2025 Gartner® Magic Quadrant™ for Hybrid Mesh Firewall
HTTPS Inspection
Help us to understand your needs better
CheckMates Go:
Spark Management Portal and More!
We have implemented Checkpoint Mobile Capsule workspace solution to access some of our intranet web applications ,mail,calender....etc.However the push notifications are not working, though the setting is enabled on gateway and mobile devices as well. Any guesses why?
Hi,
1. Install real license on the Mobile Access Blade (you can use the attached guide)
2. Open all the relevant communications as appear in the following table:
Flow | Source | Destination | Ports & Services |
Workspace User authentication | CWS Server | AD | TCP 389 or TCP 636 |
Workspace EWS | CWS Server | EX | TCP 443 |
Workspace Push Notifications | EX | CWS Server | TCP 443 |
Workspace Push Notifications | CWS Server | PUSH (outside the internet) | TCP 443 (https://push.checkpoint.com) -> Also needs to do resolving TCP80(http://SVRSecure-G3-crl.verisign.com/SVRSecureG3.crl & http://crl.verisign.com/pca3-g5.crl)
|
GW to send Mail | CWS Server | EX or SMTP server | SMTP 25 |
Workspace admin | POC Admin Computer | CWS Server | TCP 18190, HTTPS 443, SSH 22 |
Workspace admin | POC Admin Computer | AD | TCP 389 or TCP 636 (for first wizard) |
Device to GW | Device | Check Point VM | TCP 443 |
Workspace User authentication | CWS Server | All other ADs (including internal Office 365 DC) |
|
3. If the steps above doesn't work, do the following:
1.1.1. Open GuiDBedit.
1.1.2. Search for enable_push_notification.
1.1.3. Change the value of enable_push_notification to "true" on each Mobile Access Gateway object that will send push notifications.
1.1.4. Save.
1.1.5. Open SmartDashboard.
1.1.6. Open each Mobile Access Gateway object and click "OK".
1.1.7. Install policy.
1.1.8. You may need to un-install and re-install the Capsule Workspace App on the mobile device.
1.1.9. Test to ensure that the push notifications are being received. "
1.2. Validate that you tried the following SKs:
1.3. On the Exchange Server – Install a self-signed certificate on the Exchange Server -> SK98203
1.4. On the Mobile Access Blade – In sk109039, please try to do the change under the following section: “(Optional) How and when to configure the callback URL to HTTPS instead of the default HTTP”.
1.5. On the Mobile Access Blade – Please ask me for the PushReport script, and run it on the GW and send us the output.
1.5.1. Copy PushTroubleshootingTool to /opt/CPcvpn-R77/bin/
1.5.2. Give it executable permissions: chmod +x /opt/CPcvpn-R77/bin/PushTroubleshootingTool
1.5.3. Copy PushReport to some directory on the GW
1.5.4. Give it executable permissions: chmod +x PushReport
1.5.5. Run PushReport
1.6 Do the following:
1.7. If all of the above things doesn’t work, Please open a Service Request.
Did you follow the steps in this SK? Push Notifications are not working on Capsule Workspace for Mobile Devices (IOS and Android)
May also want to review this SK and see if it applies: Support, Support Requests, Training, Documentation, and Knowledge base for Check Point products and ...
Push Notifications are not working on Capsule Workspace for Mobile Devices (IOS and Android)
|
It may not be required on R80.10... however did you review sk120334 (linked above) to see if it applies to your situation?
Hi,
1. Install real license on the Mobile Access Blade (you can use the attached guide)
2. Open all the relevant communications as appear in the following table:
Flow | Source | Destination | Ports & Services |
Workspace User authentication | CWS Server | AD | TCP 389 or TCP 636 |
Workspace EWS | CWS Server | EX | TCP 443 |
Workspace Push Notifications | EX | CWS Server | TCP 443 |
Workspace Push Notifications | CWS Server | PUSH (outside the internet) | TCP 443 (https://push.checkpoint.com) -> Also needs to do resolving TCP80(http://SVRSecure-G3-crl.verisign.com/SVRSecureG3.crl & http://crl.verisign.com/pca3-g5.crl)
|
GW to send Mail | CWS Server | EX or SMTP server | SMTP 25 |
Workspace admin | POC Admin Computer | CWS Server | TCP 18190, HTTPS 443, SSH 22 |
Workspace admin | POC Admin Computer | AD | TCP 389 or TCP 636 (for first wizard) |
Device to GW | Device | Check Point VM | TCP 443 |
Workspace User authentication | CWS Server | All other ADs (including internal Office 365 DC) |
|
3. If the steps above doesn't work, do the following:
1.1.1. Open GuiDBedit.
1.1.2. Search for enable_push_notification.
1.1.3. Change the value of enable_push_notification to "true" on each Mobile Access Gateway object that will send push notifications.
1.1.4. Save.
1.1.5. Open SmartDashboard.
1.1.6. Open each Mobile Access Gateway object and click "OK".
1.1.7. Install policy.
1.1.8. You may need to un-install and re-install the Capsule Workspace App on the mobile device.
1.1.9. Test to ensure that the push notifications are being received. "
1.2. Validate that you tried the following SKs:
1.3. On the Exchange Server – Install a self-signed certificate on the Exchange Server -> SK98203
1.4. On the Mobile Access Blade – In sk109039, please try to do the change under the following section: “(Optional) How and when to configure the callback URL to HTTPS instead of the default HTTP”.
1.5. On the Mobile Access Blade – Please ask me for the PushReport script, and run it on the GW and send us the output.
1.5.1. Copy PushTroubleshootingTool to /opt/CPcvpn-R77/bin/
1.5.2. Give it executable permissions: chmod +x /opt/CPcvpn-R77/bin/PushTroubleshootingTool
1.5.3. Copy PushReport to some directory on the GW
1.5.4. Give it executable permissions: chmod +x PushReport
1.5.5. Run PushReport
1.6 Do the following:
1.7. If all of the above things doesn’t work, Please open a Service Request.
Daniel,
Do you have any specific constructions regarding notifications not working with Exchange 2013 ?
Mail is flowing correctly but notifications are not sent to the client application (Capsule work space).
All test above indicate correct connection with the exception of the periodic test that claims the exchange EWS service is not available (which it is).
You may also check if HTTP port (along with HTTPS) is allowed from Exchange server to the Checkpoint capsule gateway .We faced similar issue for one of our customers where the HTTP communication was blocked in their internal server(From Exchange > Checkpoint Capsule Gateway).After allowing HTTP and re-installation of Capsule workspace in mobile ,notifications started to work.
Are you referring to allowing access to EWS via HTTP ?? The gateway and Exchange server sit not he same subset. The exchange has a public issued cert and the CA that has issued it, is configured as a trusted CA in the checkpoint gateway. Excahnge_Registration parameter in the Checkpoint DB is configured to use HTTPs
Guys, Thank you for your replies. After further check we identified that CWS gateway didn't have the reachability towards https://push.checkpoint.com which caused all the notifications to be on queue.After allowing necessary access, queue reduced & emptied and notifications started to work fine.
Does anyone have some practical advice on how to resolve the issue of push notifications not working with MS exchange 2013 ???
Try to have the following rules opened:
Flow | Source | Destination | Ports & Services |
Workspace Push Notifications | CWS Server (StandAlone machine) | PUSH (outside the internet) | Customer need to enable communication to: 1. TCP 443 (https://push.checkpoint.com) 2. TCP80(http://SVRSecure-G3-crl.verisign.com/SVRSecureG3.crl 3. TCP80 http://crl.verisign.com/pca3-g5.crl) 4. http://crl.godaddy.com/gdig2s1-797.crl
*This might get updated from time to time. See more info at: https://supportcenter.checkpoint.com/supportcenter/portal?eventSubmit_doGoviewsolutiondetails=&solut...
|
What is puropse for this four URL addresses ( especially CRL ones)?
All in place and verified
push notifications are still not working
I dint have the script,
can you please provide ??
Hi Daniel,
Please could provide me the push report, have sent you an email.
Thanks,
Kovan
Leaderboard
Epsum factorial non deposit quid pro quo hic escorol.
User | Count |
---|---|
1 | |
1 |
Tue 28 Oct 2025 @ 11:00 AM (EDT)
Under the Hood: CloudGuard Network Security for Google Cloud Network Security Integration - OverviewTue 28 Oct 2025 @ 12:30 PM (EDT)
Check Point & AWS Virtual Immersion Day: Web App ProtectionTue 28 Oct 2025 @ 11:00 AM (EDT)
Under the Hood: CloudGuard Network Security for Google Cloud Network Security Integration - OverviewTue 28 Oct 2025 @ 12:30 PM (EDT)
Check Point & AWS Virtual Immersion Day: Web App ProtectionThu 30 Oct 2025 @ 03:00 PM (CET)
Cloud Security Under Siege: Critical Insights from the 2025 Security Landscape - EMEAThu 30 Oct 2025 @ 02:00 PM (EDT)
Cloud Security Under Siege: Critical Insights from the 2025 Security Landscape - AMERAbout CheckMates
Learn Check Point
Advanced Learning
YOU DESERVE THE BEST SECURITY