Create a Post
cancel
Showing results for 
Search instead for 
Did you mean: 
EmilliXill
Explorer

Error 'GW can not access updates.checkpoint.com' (but it can)

Hello!

I have an HA cluster in my lab (Gaia 80.40). Both nodes have access to the internet (ping 1.1.1.1 for example is successful). 

But in Smart console I see an error on both nodes in the IPS and Anti-Bot&Anti-Virus sections (Gateways&Servers - Click on GW - Device&License information - Device status):

Error: Update failed. Contract entitlement check failed. Gateway can not access internet ("https://updates.checkpoint.com/WebService/services/DownloadMetaDataService"). Check connectivity and proxy settings

 

But curl_cli -v -k https://updates.checkpoint.com is successful on both nodes:

Trying 184.50.201.193...
* TCP_NODELAY set
* Connected to updates.checkpoint.com (184.50.201.193) port 443 (#0)
* ALPN, offering http/1.1
* *** Current date is: Thu May 18 13:45:43 2023
* TLSv1.3 (OUT), TLS handshake, Client hello (1):
* err is -1, detail is 2
* *** Current date is: Thu May 18 13:45:43 2023
* TLSv1.3 (IN), TLS handshake, Server hello (2):
* TLSv1.3 (IN), TLS handshake, [no content] (0):
* TLSv1.3 (IN), TLS handshake, Encrypted Extensions (8):
* TLSv1.3 (IN), TLS handshake, [no content] (0):
* TLSv1.3 (IN), TLS handshake, Certificate (11):
* TLSv1.3 (IN), TLS handshake, [no content] (0):
* TLSv1.3 (IN), TLS handshake, CERT verify (15):
* TLSv1.3 (IN), TLS handshake, [no content] (0):
* TLSv1.3 (IN), TLS handshake, Finished (20):
* TLSv1.3 (OUT), TLS change cipher, Change cipher spec (1):
* TLSv1.3 (OUT), TLS handshake, [no content] (0):
* TLSv1.3 (OUT), TLS handshake, Finished (20):
* SSL connection using TLSv1.3 / TLS_AES_256_GCM_SHA384
* ALPN, server accepted to use http/1.1
* servercert: Activated
* servercert: CRL validation was disabled
* Server certificate:
* subject: CN=*.checkpoint.com
* start date: Dec 21 12:11:27 2022 GMT
* expire date: Jan 22 12:11:26 2024 GMT
* issuer: C=BE; O=GlobalSign nv-sa; CN=GlobalSign GCC R3 DV TLS CA 2020
* SSL certificate verify result: unable to get local issuer certificate (20), continuing anyway.
* servercert: Finished
* TLSv1.3 (OUT), TLS app data, [no content] (0):
* TLSv1.3 (IN), TLS handshake, [no content] (0):
* TLSv1.3 (IN), TLS handshake, Newsession Ticket (4):
* TLSv1.3 (IN), TLS handshake, [no content] (0):
* TLSv1.3 (IN), TLS handshake, Newsession Ticket (4):
* TLSv1.3 (IN), TLS app data, [no content] (0):
< HTTP/1.1 200 OK
< Content-Type: text/html
< Server: Apache-Coyote/1.1
< Content-Length: 10
< Date: Thu, 18 May 2023 10:45:41 GMT
< Connection: keep-alive
<
status=OK
* Connection #0 to host updates.checkpoint.com left intact

 

I know there are a lot of posts like mine, but usually there is no internet or service is really down. In my case GW has internet access and CP services are OK as far as I know.

Also I have tried to do this one: https://community.checkpoint.com/t5/General-Topics/Failure-to-fetch-updates-from-CheckPoint-servers/... But I don't seem to have such directories..I have only opt/CPshared//5.0/tmp...

Does anyone have any ideas how to fix this? 😞 Thank you!

0 Kudos
4 Replies
PhoneBoy
Admin
Admin

I would ask the TAC to assist in troubleshooting here: https://help.checkpoint.com 

0 Kudos
the_rock
Legend
Legend

Can you ensure this is checked in global properties?

Andy

 

Screenshot_1.png

0 Kudos
the_rock
Legend
Legend

0 Kudos
EmilliXill
Explorer

Thanks everyone! The problem was solved itself, did nothing. Did not even reboot 😕 

0 Kudos

Leaderboard

Epsum factorial non deposit quid pro quo hic escorol.

Upcoming Events

    CheckMates Events