This website uses Cookies. Click Accept to agree to our website's cookie use as described in our Privacy Policy. Click Preferences to customize your cookie settings.
Accept
Reject
Preferences
ABOUT CHECKMATES CYBER SECURITY COMMUNITY & FAQ
Create a Post
Help
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

Are you a member of CheckMates?

×
Sign in with your Check Point UserCenter/PartnerMap account to access more great content and get a chance to win some Apple AirPods! If you don't have an account, create one now for free!
Deepthi_Paul
Participant
‎2017-12-05 05:24 AM
Jump to solution

Push notification for Checkpoint Capsule Workspace

We have implemented Checkpoint Mobile Capsule workspace solution to access some of our intranet web applications ,mail,calender....etc.However the push notifications are not working, though the setting is enabled on gateway and mobile devices as well. Any guesses why?

1 Solution

Accepted Solutions
Daniel_Dor
Employee Alumnus
Employee Alumnus
‎2017-12-07 08:15 AM
Jump to solution

Hi,

1. Install real license on the Mobile Access Blade (you can use the attached guide)
2. Open all the relevant communications as appear in the following table:

Flow

Source

Destination

Ports & Services

Workspace User authentication

CWS Server

AD

TCP 389 or TCP 636

Workspace EWS

CWS Server

EX

TCP 443

Workspace Push Notifications

EX

CWS Server

TCP 443

Workspace Push Notifications

CWS Server

PUSH (outside the internet)

TCP 443 (https://push.checkpoint.com) -> Also needs to do resolving

TCP80(http://SVRSecure-G3-crl.verisign.com/SVRSecureG3.crl

& http://crl.verisign.com/pca3-g5.crl)

 

 

GW to send Mail

CWS Server

EX or SMTP server

SMTP 25

Workspace admin

POC Admin Computer

CWS Server

TCP 18190, HTTPS 443, SSH 22

Workspace admin

POC Admin Computer

AD

TCP 389 or TCP 636 (for first wizard)

Device to GW

Device

Check Point VM

TCP 443

Workspace User authentication

CWS Server

All other ADs (including internal Office 365 DC)

 

3. If the steps above doesn't work, do the following:

  1.  1.1 Validate that you enabled push notification on the server:

1.1.1.      Open GuiDBedit. 

1.1.2.      Search for enable_push_notification. 

1.1.3.      Change the value of enable_push_notification to "true" on each Mobile Access Gateway object that will send push notifications. 

1.1.4.      Save. 

1.1.5.      Open SmartDashboard. 

1.1.6.      Open each Mobile Access Gateway object and click "OK". 

1.1.7.      Install policy. 

1.1.8.      You may need to un-install and re-install the Capsule Workspace App on the mobile device. 

1.1.9.      Test to ensure that the push notifications are being received. "

1.2.   Validate that you tried the following SKs:

1.2.1.      https://supportcenter.checkpoint.com/supportcenter/portal?eventSubmit_doGoviewsolutiondetails=&solut...

1.2.2.      https://supportcenter.checkpoint.com/supportcenter/portal?eventSubmit_doGoviewsolutiondetails=&solut...

1.3.   On the Exchange Server – Install a self-signed certificate on the Exchange Server -> SK98203

1.4.   On the Mobile Access Blade – In sk109039, please try to do the change under the following section: “(Optional) How and when to configure the callback URL to HTTPS instead of the default HTTP”.

1.5.   On the Mobile Access Blade – Please ask me for the PushReport  script, and run it on the GW and send us the output.

1.5.1.      Copy PushTroubleshootingTool to /opt/CPcvpn-R77/bin/

1.5.2.      Give it executable permissions: chmod +x /opt/CPcvpn-R77/bin/PushTroubleshootingTool

1.5.3.      Copy PushReport to some directory on the GW

1.5.4.      Give it executable permissions: chmod +x PushReport

1.5.5.      Run PushReport

1.6 Do the following:

  • Change the Callback URL in the GUI DB Edit to -> https://10.113.0.66/ExchangeRegistration -> try to send email -> try to see if you get the push -> If not run the script we did yesterday to test the connectivity -> let me know what the results
  • Change the Callback URL in the GUI DB Edit to -> http://10.113.0.66/ExchangeRegistration -> try to send email -> try to see if you get the push -> If not run the script we did yesterday to test the connectivity -> let me what the results

1.7.   If all of the above things doesn’t work, Please open a Service Request.

View solution in original post

16 Replies
PhoneBoy
Admin
Admin
‎2017-12-06 07:41 PM
Jump to solution

Did you follow the steps in this SK? Push Notifications are not working on Capsule Workspace for Mobile Devices (IOS and Android) 

May also want to review this SK and see if it applies: Support, Support Requests, Training, Documentation, and Knowledge base for Check Point products and ... 

Deepthi_Paul
Participant
‎2017-12-06 10:00 PM
In response to PhoneBoy
Jump to solution

Push Notifications are not working on Capsule Workspace for Mobile Devices (IOS and Android)    

 SK106960 refers to the add on which needs to be installed on Security Mgmt which runs on 77.20 &77.30.But in our case ,its R80.10. I couldnt find any SK which details about the hotfix requirement on R80.10 for mobile access blade.
0 Kudos
PhoneBoy
Admin
Admin
‎2017-12-07 08:05 AM
In response to Deepthi_Paul
Jump to solution

It may not be required on R80.10... however did you review sk120334 (linked above) to see if it applies to your situation? 

0 Kudos
Daniel_Dor
Employee Alumnus
Employee Alumnus
‎2017-12-07 08:15 AM
Jump to solution

Hi,

1. Install real license on the Mobile Access Blade (you can use the attached guide)
2. Open all the relevant communications as appear in the following table:

Flow

Source

Destination

Ports & Services

Workspace User authentication

CWS Server

AD

TCP 389 or TCP 636

Workspace EWS

CWS Server

EX

TCP 443

Workspace Push Notifications

EX

CWS Server

TCP 443

Workspace Push Notifications

CWS Server

PUSH (outside the internet)

TCP 443 (https://push.checkpoint.com) -> Also needs to do resolving

TCP80(http://SVRSecure-G3-crl.verisign.com/SVRSecureG3.crl

& http://crl.verisign.com/pca3-g5.crl)

 

 

GW to send Mail

CWS Server

EX or SMTP server

SMTP 25

Workspace admin

POC Admin Computer

CWS Server

TCP 18190, HTTPS 443, SSH 22

Workspace admin

POC Admin Computer

AD

TCP 389 or TCP 636 (for first wizard)

Device to GW

Device

Check Point VM

TCP 443

Workspace User authentication

CWS Server

All other ADs (including internal Office 365 DC)

 

3. If the steps above doesn't work, do the following:

  1.  1.1 Validate that you enabled push notification on the server:

1.1.1.      Open GuiDBedit. 

1.1.2.      Search for enable_push_notification. 

1.1.3.      Change the value of enable_push_notification to "true" on each Mobile Access Gateway object that will send push notifications. 

1.1.4.      Save. 

1.1.5.      Open SmartDashboard. 

1.1.6.      Open each Mobile Access Gateway object and click "OK". 

1.1.7.      Install policy. 

1.1.8.      You may need to un-install and re-install the Capsule Workspace App on the mobile device. 

1.1.9.      Test to ensure that the push notifications are being received. "

1.2.   Validate that you tried the following SKs:

1.2.1.      https://supportcenter.checkpoint.com/supportcenter/portal?eventSubmit_doGoviewsolutiondetails=&solut...

1.2.2.      https://supportcenter.checkpoint.com/supportcenter/portal?eventSubmit_doGoviewsolutiondetails=&solut...

1.3.   On the Exchange Server – Install a self-signed certificate on the Exchange Server -> SK98203

1.4.   On the Mobile Access Blade – In sk109039, please try to do the change under the following section: “(Optional) How and when to configure the callback URL to HTTPS instead of the default HTTP”.

1.5.   On the Mobile Access Blade – Please ask me for the PushReport  script, and run it on the GW and send us the output.

1.5.1.      Copy PushTroubleshootingTool to /opt/CPcvpn-R77/bin/

1.5.2.      Give it executable permissions: chmod +x /opt/CPcvpn-R77/bin/PushTroubleshootingTool

1.5.3.      Copy PushReport to some directory on the GW

1.5.4.      Give it executable permissions: chmod +x PushReport

1.5.5.      Run PushReport

1.6 Do the following:

  • Change the Callback URL in the GUI DB Edit to -> https://10.113.0.66/ExchangeRegistration -> try to send email -> try to see if you get the push -> If not run the script we did yesterday to test the connectivity -> let me know what the results
  • Change the Callback URL in the GUI DB Edit to -> http://10.113.0.66/ExchangeRegistration -> try to send email -> try to see if you get the push -> If not run the script we did yesterday to test the connectivity -> let me what the results

1.7.   If all of the above things doesn’t work, Please open a Service Request.

Spectrumtech_MS
Explorer
‎2018-06-27 10:55 PM
In response to Daniel_Dor
Jump to solution

Daniel,

Do you have any specific constructions regarding notifications not working with Exchange 2013 ?

Mail is flowing correctly but notifications are not sent to the client application (Capsule work space).

All test above indicate correct connection with the exception of the periodic test that claims the exchange EWS service is not available (which it is).

0 Kudos
Deepthi_Paul
Participant
‎2018-06-27 11:33 PM
In response to Spectrumtech_MS
Jump to solution

You may also check if HTTP port (along with HTTPS) is allowed from Exchange server to the Checkpoint capsule gateway .We faced similar issue for one of our customers where the HTTP communication was blocked in their internal server(From Exchange > Checkpoint Capsule Gateway).After allowing HTTP and re-installation of Capsule workspace in mobile ,notifications started to work.

0 Kudos
Spectrumtech_MS
Explorer
‎2018-06-27 11:40 PM
In response to Deepthi_Paul
Jump to solution

Are you referring to allowing access to EWS via HTTP ?? The gateway and Exchange server sit not he same subset. The exchange has a public issued cert and the CA that has issued it, is configured as a trusted CA in the checkpoint gateway. Excahnge_Registration parameter in the Checkpoint DB is configured to use HTTPs

0 Kudos
Deepthi_Paul
Participant
‎2017-12-09 11:48 PM
Jump to solution

Guys,  Thank you for your replies. After further check we identified that CWS gateway didn't have the reachability towards  https://push.checkpoint.com which caused all the notifications to be on queue.After allowing necessary access, queue reduced & emptied and notifications started to work fine.

Spectrumtech_MS
Explorer
‎2018-06-28 04:01 AM
Jump to solution

Does anyone have some practical advice on how to resolve the issue of push notifications not working with MS exchange 2013 ???

0 Kudos
Daniel_Dor
Employee Alumnus
Employee Alumnus
‎2018-06-28 04:22 AM
In response to Spectrumtech_MS
Jump to solution

Try to have the following rules opened:

Flow

Source

Destination

Ports & Services

Workspace Push Notifications

CWS Server (StandAlone machine)

PUSH (outside the internet)

Customer need to enable communication to:

1.     TCP 443 (https://push.checkpoint.com)

2.     TCP80(http://SVRSecure-G3-crl.verisign.com/SVRSecureG3.crl

3.     TCP80 http://crl.verisign.com/pca3-g5.crl)

4.  http://crl.godaddy.com/gdig2s1-797.crl

5.       http://crl.entrust.net

 

*This might get updated from time to time. See more info at: https://supportcenter.checkpoint.com/supportcenter/portal?eventSubmit_doGoviewsolutiondetails=&solut...

 

0 Kudos
ShemHunter
Participant
‎2024-01-23 05:02 AM
In response to Daniel_Dor
Jump to solution

What is puropse for this four URL addresses ( especially CRL ones)? 

0 Kudos
Spectrumtech_MS
Explorer
‎2018-06-28 04:31 AM
Jump to solution

All in place and verified 

push notifications are still not working 

0 Kudos
Daniel_Dor
Employee Alumnus
Employee Alumnus
‎2018-06-28 04:38 AM
In response to Spectrumtech_MS
Jump to solution

Hi,

Did you run the PushReport Script? What does it says?

D

Preview file
1 KB
Preview file
19 KB
0 Kudos
Spectrumtech_MS
Explorer
‎2018-06-28 04:40 AM
Jump to solution

I dint have the script,

can you please provide ??

0 Kudos
Daniel_Dor
Employee Alumnus
Employee Alumnus
‎2018-06-28 05:31 AM
In response to Spectrumtech_MS
Jump to solution

Send me your email to danieldor@checkpoint.com<mailto:danieldor@checkpoint.com> I will assist ☺

D

Preview file
19 KB
Preview file
1 KB
Kovan78
Explorer
‎2020-09-21 06:33 AM
In response to Daniel_Dor
Jump to solution

Hi Daniel,

Please could provide me the push report, have sent you an email.

Thanks,

Kovan

0 Kudos
Upcoming Events

    Sort by:
    CheckMates Events