Hi community
Checkpoint 6900 Gaia R81.10 JHF Take 44
firewall running as HA active/standby
test connection from both firewall to https://updates.checkpoint.com look connection is okay
firewall standby IPS can retrieve the update
for firewall active IPS update failed reference check the attached screenshot. Does anyone knows the solution how to fix it update fails?
[Expert@dcfw01:0]# curl_cli -v -k https://updates.checkpoint.com
* Rebuilt URL to: https://updates.checkpoint.com/
* Trying 23.193.221.184...
* TCP_NODELAY set
* Connected to updates.checkpoint.com (23.193.221.184) port 443 (#0)
* ALPN, offering http/1.1
* *** Current date is: Wed Nov 30 14:36:11 2022
* TLSv1.3 (OUT), TLS handshake, Client hello (1):
* err is -1, detail is 2
* *** Current date is: Wed Nov 30 14:36:11 2022
* TLSv1.3 (IN), TLS handshake, Server hello (2):
* TLSv1.3 (IN), TLS handshake, [no content] (0):
* TLSv1.3 (IN), TLS handshake, Encrypted Extensions (8):
* TLSv1.3 (IN), TLS handshake, [no content] (0):
* TLSv1.3 (IN), TLS handshake, Certificate (11):
* TLSv1.3 (IN), TLS handshake, [no content] (0):
* TLSv1.3 (IN), TLS handshake, CERT verify (15):
* TLSv1.3 (IN), TLS handshake, [no content] (0):
* TLSv1.3 (IN), TLS handshake, Finished (20):
* TLSv1.3 (OUT), TLS change cipher, Change cipher spec (1):
* TLSv1.3 (OUT), TLS handshake, [no content] (0):
* TLSv1.3 (OUT), TLS handshake, Finished (20):
* SSL connection using TLSv1.3 / TLS_AES_256_GCM_SHA384
* ALPN, server accepted to use http/1.1
* servercert: Activated
* servercert: CRL validation was disabled
* Server certificate:
* subject: CN=*.checkpoint.com
* start date: Dec 7 13:19:55 2021 GMT
* expire date: Jan 8 13:19:55 2023 GMT
* issuer: C=BE; O=GlobalSign nv-sa; CN=GlobalSign GCC R3 DV TLS CA 2020
* SSL certificate verify result: unable to get local issuer certificate (20), continuing anyway.
* servercert: Finished
* TLSv1.3 (OUT), TLS app data, [no content] (0):
* TLSv1.3 (IN), TLS handshake, [no content] (0):
* TLSv1.3 (IN), TLS handshake, Newsession Ticket (4):
* TLSv1.3 (IN), TLS handshake, [no content] (0):
* TLSv1.3 (IN), TLS handshake, Newsession Ticket (4):
* TLSv1.3 (IN), TLS app data, [no content] (0):
< HTTP/1.1 404 Not Found
< Content-Type: text/plain; charset=utf-8
< Content-Length: 15
< Server: awselb/2.0
< Date: Wed, 30 Nov 2022 07:36:11 GMT
< Connection: keep-alive
<
* Connection #0 to host updates.checkpoint.com left intact
[Expert@dcfw01:0]#