This website uses Cookies. Click Accept to agree to our website's cookie use as described in our Privacy Policy. Click Preferences to customize your cookie settings.
Accept
Reject
Preferences
ABOUT CHECKMATES CYBER SECURITY COMMUNITY & FAQ
Create a Post
Help
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

Are you a member of CheckMates?

×
Sign in with your Check Point UserCenter/PartnerMap account to access more great content and get a chance to win some Apple AirPods! If you don't have an account, create one now for free!
DmitriyDubovik
Contributor
‎2024-01-22 02:06 AM

Connectivity to the URL resources for push notifications Mobile Access

Good morning.

We are currently setting up push notifications for Capsule Workspace.

The documentation says that for proper notification work  we must have network access from the mobile access gateway to the following resources:

 

Click to Expand

To use push notifications, the Security Gateway must have connectivity to these URLs on ports 443 and 80:

 

Plus we, like it says in documentation, we use additional command to check a status of push notification and see this:

lllss1.png

 

There is information about connectivity to the additional URL: http://crl.entrust.net/levell1k.crl , that doesn t appear in the documentation file. For some reason it showing like doesn t connect, but it cannot be connected because it doesn t even resolve from dns, like http://SVRSecure-G3-crl.verisign.com/SVRSecureG3.crl

 

1. What is puropse for this four URL addresses ( especially CRL ones)? 

2. Is it necessary to make network access to all of them, given that at least 2 of them do not resolve?

 

 

 

Preview file
11 KB
0 Kudos
5 Replies
PhoneBoy
Admin
Admin
‎2024-01-24 03:45 PM

In order to verify a TLS certificate is valid, you need access to the Certificate Revocation List.
That generally assumes the gateway has Internet access.

What version/JHF is the gateway here?
I assume we wouldn't try to use CRL addresses that don't exist...unless this is an old gateway version.

0 Kudos
kamilazat
Collaborator
‎2024-01-24 10:54 PM
In response to PhoneBoy

What version/JHF is the gateway here?
I assume we wouldn't try to use CRL addresses that don't exist...unless this is an old gateway version.

Do different gateway versions have different CRL sources?

0 Kudos
DmitriyDubovik
Contributor
‎2024-01-24 11:57 PM
In response to PhoneBoy

81.20 take 41 

 

We have a sitution that the everything is perfect except of this CRL portals, that don t even resolve.

 

Pushes don t work at all

0 Kudos
PhoneBoy
Admin
Admin
‎2024-01-27 06:58 PM
In response to DmitriyDubovik

Sounds like a bug and you should consult with TAC: https://help.checkpoint.com

0 Kudos
DmitriyDubovik
Contributor
‎2024-01-25 12:05 AM
In response to PhoneBoy

You can try by yourself to connect to this URLs and find out that not of them are alive in nowtime 

Безымянный.png

 

 

0 Kudos

Leaderboard

Epsum factorial non deposit quid pro quo hic escorol.

View All ≫
Upcoming Events

    CheckMates Events