Hello,
Good day to you all!
We have a customer that has this issue where the Anti-Bot and Anti-Virus blades are showing this error:
"Update failed. Contract entitlement check failed. Server error occurred."
Normally, as partners, we would just follow the SKs that are available and request support from Check Point TAC if needed. However, this issue has already lasted for more than a year and not a single TAC Engineer can resolve the issue.
When we try to curl, http (Port 80) was able to connect, while https (Port 443) was not.
See Below:
We are seeking help in the community because we're just running in circles with Check Point TAC. They are requesting outputs again and again, even though we have already established that there were no proxies, there are policies, there are routes, and have provided numerous cpinfo.
Some TAC even mentioned that it is because the gateways are not in the same UC, since the secondary gateway is a lease.
Background:
At first, the customer was only running a single security gateway as their Internal Firewall. Then they sought our assistance to make their Internal Firewall into a Security Gateway Cluster. The customer then asked one of the Check Point distributors here in the Philippines to lease a gateway similar to theirs. As partners, we configured the gateways to form a cluster. The Cluster configuration was successful and was running smoothly. UNTIL the error occurred in the secondary (stand-by) gateway. This is when the customer sought our help, since it was their first time encountering such a thing.
We did everything we could to resolve the issue by looking for available SKs that are similar to the case/issue. We sought the help of Check Point Support/TAC, but for the last year or more, none so far have resolved the issue.
Hoping for your honest and steadfast reply.
Regards,
Apologies if I ask the same question you were probably asked before, but can you confirm if curl_cli works on, say, google.com?
Also, can you indeed verify routing is fine? I ask because I see errors saying there is no route to host.
Best,
Andy
Hi Andy,
Yes, I can confirm that I am able to curl to google.com at port 443. The routing is fine, we have policies in place as well.
If you allow a remote session, I am more than happy to have a look, it's not an issue. I am fairly sure I could help you out with this.
Best,
Andy
Ironically enough, I noticed the exact same issue in my lab today on one of the clustered fws, rebooted and it went away. Strange... let's see if it comes up again or not. I'm on R81.20 jumbo 43 (latest).
Andy
Hi Andy,
Good day!
Yes, normally a reboot is the solution for this case. We have encountered this as well with other customers.
We may have a remote session. You can join the scheduled remote session with the TAC Engineer tomorrow (January 25, 2024, 11:00am GMT+8, Philippine Standard Time).
Here's the SR case: 6-0003715416.
Thanks!
Regards,
Let us know how it goes. That's way outside my working hours, sorry.
Best,
Andy
Actually, now that I think about it, I can probably do it, it will be 10 pm here in Canada EST. Can you message me offline and send the link for the remote? I will also send you my direct email, I really would like to be on that remote. I am always used to the time difference in the Philippines being 12 hours from Ottawa, Canada, as that's how it was when I was there, but of course it changes haha, now it's 13.
Best,
Andy
Can you see firewall logs to the IP addresses shown in the output there when trying the curl to the HTTPS site?
Hi emmap,
Good day!
Yes, we can see the logs.
Regards,
Hi,
Do you have an SR number so I can have a look at what was done already on this case?
BR,
Alon
Hi Alonfe,
Good day!
Yes, you can look at the case with this SR number: 6-0003715416.
Please mind that this is not the SR from the beginning; we have opened multiple SR cases for the same issue.
Thanks!
Regards,
Hi Angelo,
I'm so sorry I did not jump on the remote. I saw your email with the link you sent me, but had to do something else for work, and then it was almost 11 pm my time, so I went to bed, since I was pretty tired.
How did it go with TAC? Any good news?
Best,
Andy
Hi Angelo,
You mention both cluster members are in different UC's. You probably already did this, but I wonder what the output of 'cplic print' is.
Regards,
Martijn