Create a Post
cancel
Showing results for 
Search instead for 
Did you mean: 
Charlie_Dobson
Contributor

Threat Emulation & Extraction Protocol Error 402

I can't seem to find any information on this error online performing Google searches, so my apologies if this has been asked before.

A user of ours is getting this error every time he opens or creates a new project in DriveWorks:

t[121118T120721.695]p[1470:12]l[Error]s[Engine]: Can't emulate image (sha1 '86f9692d8b8f5b88734520a01ff829a2dc14c15c' path 'C:\Users\xxxx\AppData\Local\Temp\DW\Shared\DSGR 2018-11-12 12-07-19.driveprojx') because of: 'ProtocolError' 'The remote server returned an error: (402) Payment Required.'

Anyone know what that means?  We're running R77.30.03 infrastructure with Check Point Endpoint Protection E80.83 installed using blades: MEPP, Anti-Ransomware, Anti-Bot, Threat Extraction & Emulation, Compliance, URLF, FW, App Control, & VPN.  Since this software will be used by many after initial testing, I will need to make sure this doesn't happen to everyone.

Please don't tell me this is the obvious and someone hasn't paid the bill. 

Charlie Dobson 

10 Replies
G_W_Albrecht
Legend
Legend

How is TE in the cloud licensed ? On a GW, cpstat threat-emulation -f contract and tecli s c q will show the current quota, but with EPSS maybe a cplic print is enough ?

CCSE CCTE CCSM SMB Specialist
Charlie_Dobson
Contributor

When I run the cpstat threat-emulation -f contact, all I see are dashes:

TE Contract Name:                          -
TE Subscription Expire Date:               -
TE Cloud Hourly Quota:                     -
TE Cloud Monthly Quota:                    -
TE Cloud Remaining Quota:                  -
TE Maximal VMs Number:                     -
TE Subscription Status:                    -
TE Cloud Quota Status:                     -
TE Subscription Description:               -
TE Cloud Quota Description:                -
TE Cloud Quota Identifier:                 -
TE Cloud Monthly Quota Period Start:       -
TE Cloud Monthly Quota Period End:         -
TE Cloud Monthly Quota Usage for This GW:  -
TE Cloud Hourly Quota Usage for this GW:   -
TE Cloud Monthly Quota Usage for Quota ID: -
TE Cloud Hourly Quota Usage for Quota ID:  -
TE Cloud Monthly Quota Exceeded:           -
TE Cloud Hourly Quota Exceeded:            -
TE Cloud Last Quota Update GMT Time:       -

cplic print shows that our CPSB-EBP-TE (Threat Extraction) expires on March 15, 2019.  So it appears our subscription is still valid.

Thank you for showing me that.  Any other ideas as to what could be causing this error?

0 Kudos
G_W_Albrecht
Legend
Legend

I did already write that cpstat  may not be the correct command for EPSS !  CPSB-EBP-TE is a rather old license (3-4 years old) that has a certain quota that can be shown using the CK of the license.

CCSE CCTE CCSM SMB Specialist
0 Kudos
Charlie_Dobson
Contributor

Dumb question: Is the CK of the license safe to post here?

0 Kudos
G_W_Albrecht
Legend
Legend

As it is only the certificate key, but not the license itself, i would see no risk as nobody else has access to the license. But there is another possibilty: You can open an Account Services ticket in UserCenter (that is possible for everyone) and ask them to check the licence(s) for you...

CCSE CCTE CCSM SMB Specialist
0 Kudos
Charlie_Dobson
Contributor

Thanks, I wasn't sure.  The CK is  CK-00-1C-7F-30-D4-A2

0 Kudos
G_W_Albrecht
Legend
Legend

The CK is a 4807 without TE license. But customer has a 3100 with SandBlast and Endpoint Complete including SandBlast Agent for a year. And after all, he has direct premium support, so you could contact TAC immediately...

CCSE CCTE CCSM SMB Specialist
G_W_Albrecht
Legend
Legend

In UserCenter, there is a report for SandBlast Cloud Quota Usage - go to Product Center > Blades Tab - Threat Emulation Cloud Report !

CCSE CCTE CCSM SMB Specialist
0 Kudos
Charlie_Dobson
Contributor

I don't seem to have a Cloud Report listed after clicking on Threat Emulation.  However, I do see this:

It seems I have inherited a licensing mess from the previous Admin.  I can't tell from the image if I'm licensed for Threat Extraction or if it expired.  Clicking on the non-expired Enterprise Based Protection link, it lists all my gateway devices, so I assume the license is still valid?

If I click on SandBlast Service Report, I see this:

Which suggests I have a capacity of half a million uploads?

0 Kudos
G_W_Albrecht
Legend
Legend

Just ask AccountServices !

CCSE CCTE CCSM SMB Specialist

Leaderboard

Epsum factorial non deposit quid pro quo hic escorol.

Upcoming Events

    CheckMates Events