- Products
- Learn
- Local User Groups
- Partners
- More
Check Point Jump-Start Online Training
Now Available on CheckMates for Beginners!
Welcome to Maestro Masters!
Talk to Masters, Engage with Masters, Be a Maestro Master!
ZTNA Buyer’s Guide
Zero Trust essentials for your most valuable assets
The SMB Cyber Master
Boost your knowledge on Quantum Spark SMB gateways!
Check Point's Cyber Park is Now Open
Let the Games Begin!
As YOU DESERVE THE BEST SECURITY
Upgrade to our latest GA Jumbo
CheckFlix!
All Videos In One Space
We have recently moved a mobile mail remote access solution from an old gateway to a new one. Both are currently operational. Every so often, maybe 3-4 times per day, the new gateway seems to fail. There is nothing in the normal logs, and the service just seems to come back again between 30 and 90 minutes later. No-one does anything it just stops and starts seemingly randomly. Bothe gateways are configured the same, and at the same Datacentre, but this is only impacting the new gateway. Both are on R80.10, but not for much longer once I get this issue resolved.
When browsing to the Checkpoint Capsule web page, which normally loads with a username / password prompt the page simply says "Error: Page cannot be displayed. An error occurred while processing the request."
When connecting from the capsule client an error comes up saying "Failed to connect: Network error occurred during login." This comes up immediately after the user enters their username/password and it does not matter if the password is right or wrong. There is no 1/2 to 1 second delay like you'd expect with a normal LDAP lookup.
The firewall hosting the service does not seem to experience any 'network failures' and is a gateway to a highly critical transactional processing system where by even a blip for 1 second is noticed, yet the issue can last for up to 90 minutes (observed).
In the logs I see the incoming https connection which is accepted, then nothing more, no login data being rejected or accepted, nothing. I can't find anything on the internet covering this specific issue. Anyone seen this or similar before, or could you point me to other logs which may show what happens immediately a client connects.
Thanks Matt
I would suggest to contact TAC to get this resolved asap!
Following up:
i had the same issue here.
The MAB gateway seems to accept the connection and the user is succesfully authenticated, but on the Capsule Workspace we get the same error, did someone found the solution for this?
I was provided with a hotfix for this, however the client has not been able to schedule a suitable change window to deploy it. The odd thing is the fault seems to have gone away as we have not had a failure in several months now. The gateways have not been rebooted, or any major changes made. Traffic patterns are mostly the same, though they do seem to have fewer remote connections at the moment.
My gut feel is it has something to do with the number of simultaneous connections, or possibly some connectivity thing through to the Active Directory. I don’t know and have not investigated further since being provided with the hotfix. I am literally planning the upgrade of these boxes now, I assume whatever fix Checkpoint made it is probably included in the latest take.
You could possibly refer the Checkpoint engineer back to my case which was SR# 6-0002383768. The last time it failed for me was in January of this year on R80.10 with take 283 (I think it was 283). I have not had any instance of failure on my R80.40 cluster which is set up the same way.
Hi nzmatto,
thanks for your reply, we have our gateways running on R81.10, and there we're currently facing this issue, for which i've opened a TAC. i will defenitely refer on my Ticket your SR Number.
Thanks.
About CheckMates
Learn Check Point
Advanced Learning
YOU DESERVE THE BEST SECURITY