This website uses Cookies. Click Accept to agree to our website's cookie use as described in our Privacy Policy. Click Preferences to customize your cookie settings.
Accept
Reject
Preferences
ABOUT CHECKMATES CYBER SECURITY COMMUNITY & FAQ
Create a Post
Help
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

Are you a member of CheckMates?

×
Sign in with your Check Point UserCenter/PartnerMap account to access more great content and get a chance to win some Apple AirPods! If you don't have an account, create one now for free!
EmilliXill
Explorer
‎2023-05-18 04:27 AM

Error 'GW can not access updates.checkpoint.com' (but it can)

Hello!

I have an HA cluster in my lab (Gaia 80.40). Both nodes have access to the internet (ping 1.1.1.1 for example is successful). 

But in Smart console I see an error on both nodes in the IPS and Anti-Bot&Anti-Virus sections (Gateways&Servers - Click on GW - Device&License information - Device status):

Error: Update failed. Contract entitlement check failed. Gateway can not access internet ("https://updates.checkpoint.com/WebService/services/DownloadMetaDataService"). Check connectivity and proxy settings

 

But curl_cli -v -k https://updates.checkpoint.com is successful on both nodes:

Trying 184.50.201.193...
* TCP_NODELAY set
* Connected to updates.checkpoint.com (184.50.201.193) port 443 (#0)
* ALPN, offering http/1.1
* *** Current date is: Thu May 18 13:45:43 2023
* TLSv1.3 (OUT), TLS handshake, Client hello (1):
* err is -1, detail is 2
* *** Current date is: Thu May 18 13:45:43 2023
* TLSv1.3 (IN), TLS handshake, Server hello (2):
* TLSv1.3 (IN), TLS handshake, [no content] (0):
* TLSv1.3 (IN), TLS handshake, Encrypted Extensions (8):
* TLSv1.3 (IN), TLS handshake, [no content] (0):
* TLSv1.3 (IN), TLS handshake, Certificate (11):
* TLSv1.3 (IN), TLS handshake, [no content] (0):
* TLSv1.3 (IN), TLS handshake, CERT verify (15):
* TLSv1.3 (IN), TLS handshake, [no content] (0):
* TLSv1.3 (IN), TLS handshake, Finished (20):
* TLSv1.3 (OUT), TLS change cipher, Change cipher spec (1):
* TLSv1.3 (OUT), TLS handshake, [no content] (0):
* TLSv1.3 (OUT), TLS handshake, Finished (20):
* SSL connection using TLSv1.3 / TLS_AES_256_GCM_SHA384
* ALPN, server accepted to use http/1.1
* servercert: Activated
* servercert: CRL validation was disabled
* Server certificate:
* subject: CN=*.checkpoint.com
* start date: Dec 21 12:11:27 2022 GMT
* expire date: Jan 22 12:11:26 2024 GMT
* issuer: C=BE; O=GlobalSign nv-sa; CN=GlobalSign GCC R3 DV TLS CA 2020
* SSL certificate verify result: unable to get local issuer certificate (20), continuing anyway.
* servercert: Finished
* TLSv1.3 (OUT), TLS app data, [no content] (0):
* TLSv1.3 (IN), TLS handshake, [no content] (0):
* TLSv1.3 (IN), TLS handshake, Newsession Ticket (4):
* TLSv1.3 (IN), TLS handshake, [no content] (0):
* TLSv1.3 (IN), TLS handshake, Newsession Ticket (4):
* TLSv1.3 (IN), TLS app data, [no content] (0):
< HTTP/1.1 200 OK
< Content-Type: text/html
< Server: Apache-Coyote/1.1
< Content-Length: 10
< Date: Thu, 18 May 2023 10:45:41 GMT
< Connection: keep-alive
<
status=OK
* Connection #0 to host updates.checkpoint.com left intact

 

I know there are a lot of posts like mine, but usually there is no internet or service is really down. In my case GW has internet access and CP services are OK as far as I know.

Also I have tried to do this one: https://community.checkpoint.com/t5/General-Topics/Failure-to-fetch-updates-from-CheckPoint-servers/... But I don't seem to have such directories..I have only opt/CPshared//5.0/tmp...

Does anyone have any ideas how to fix this? 😞 Thank you!

0 Kudos
4 Replies
PhoneBoy
Admin
Admin
‎2023-05-18 09:58 AM

I would ask the TAC to assist in troubleshooting here: https://help.checkpoint.com 

0 Kudos
the_rock
Legend
Legend
‎2023-05-18 10:12 AM

Can you ensure this is checked in global properties?

Andy

 

Screenshot_1.png

0 Kudos
the_rock
Legend
Legend
‎2023-05-18 10:15 AM

You can also refer to below sk:

https://supportcenter.us.checkpoint.com/supportcenter/portal?eventSubmit_doGoviewsolutiondetails=&so...

Andy

0 Kudos
EmilliXill
Explorer
‎2023-05-22 02:58 AM

Thanks everyone! The problem was solved itself, did nothing. Did not even reboot 😕 

0 Kudos

Leaderboard

Epsum factorial non deposit quid pro quo hic escorol.

View All ≫
Upcoming Events

    Sort by:
    CheckMates Events