This website uses Cookies. Click Accept to agree to our website's cookie use as described in our Privacy Policy. Click Preferences to customize your cookie settings.
Accept
Reject
Preferences
ABOUT CHECKMATES CYBER SECURITY COMMUNITY & FAQ
Create a Post
Help
cancel
Turn on suggestions
Showing results for 
Search instead for 
Did you mean: 

Are you a member of CheckMates?

×
Sign in with your Check Point UserCenter/PartnerMap account to access more great content and get a chance to win some Apple AirPods! If you don't have an account, create one now for free!
Gaurav_Pandya
Advisor
‎2017-12-27 10:09 AM

Threat Emulation blade not communicating

Hi,

In one of the firewall, We are getting error "Error : Communication error - Could not connect to cloud" on Smart vie monitor for Threat Emulation blade.

Did cpstop/cpstart and reboot the gateway but still the same issue. When checked details, it is showing as below.

What could be the issue?

16 Replies
Vladimir
Champion
Champion
‎2017-12-27 10:20 AM

Good place to start would be to check DNS and gateway settings on that unit and follow the "Error: Could not connect to the Check Point Cloud. Check your connection settings (Proxy, DNS and g... 

Plus, in the screenshot you are showing, there is an "Invalid subscription" string which may warrant looking into.

Gaurav_Pandya
Advisor
‎2017-12-27 10:28 AM
In response to Vladimir

Hi,

All other blades like Antivirus, Antibot, URL Filtering are working fine so I don't think its issue with DNS or Proxy or connectivity.

0 Kudos
Vladimir
Champion
Champion
‎2017-12-27 10:32 AM
In response to Gaurav_Pandya

I wonder if there is a Check Point portal where the state of cloud services could be looked-up...

0 Kudos
Jesús_Toledano
Contributor
‎2017-12-27 10:35 AM
In response to Vladimir

Hi Vladimir, here you are:

Check Point Services Status 

It seems today there is not any issue.

Vladimir
Champion
Champion
‎2017-12-27 10:38 AM
In response to Jesús_Toledano

Thank you!

0 Kudos
Vladimir
Champion
Champion
‎2017-12-27 10:39 AM
In response to Gaurav_Pandya

Have you looked into the service contracts attached to that GW to see if the "Invalid subscription" has any merit?

0 Kudos
PhoneBoy
Admin
Admin
‎2017-12-27 10:58 AM

I'd start here: How to verify that Security Gateway and/or Security Management Server can access Check Point servers... 

If it's a lack of subscription issue (which your screenshot suggests), that's a different issue.

Thomas_Werner
Employee Alumnus
Employee Alumnus
‎2017-12-27 11:24 PM

On the gateways command line this also shows you your TE subscription quota status:

# tecli show cloud quota

and

# cpstat threat-emulation -f contract

Regards Thomas

0 Kudos
Mason_Bourdeau
Participant
‎2017-12-28 07:30 AM

I have this exact issue as well, only one of my Cluster XL members is showing this status, the URLs are reachable and the primary member is happily connected, only one of my FWs is showing this error and I have not yet been able to diagnose why...

0 Kudos
Vladimir
Champion
Champion
‎2017-12-28 08:25 AM

Gaurav,

Is your gateway with the problem a standby member of the cluster or is a standalone unit?

0 Kudos
Mason_Bourdeau
Participant
‎2017-12-28 08:30 AM
In response to Vladimir

Standby member of a ClusterXL

0 Kudos
Gennady_Persini
Explorer
‎2017-12-28 03:24 PM
In response to Mason_Bourdeau

Hi Mason

We had the same or maybe similar issue, which was resolved by following all the steps in sk43807.

Gaurav_Pandya
Advisor
‎2018-01-03 03:19 AM
In response to Gennady_Persini

Hi,

Issue is resolved automatically, Without doing any changes on configuration side.

May be some issue at Checkpoint Side or may some local issue.

0 Kudos
Gaurav_Pandya
Advisor
‎2017-12-28 09:06 AM
In response to Vladimir

Hi Vladimir,

Gateway which is having problem is standby unit of cluster.

0 Kudos
Vladimir
Champion
Champion
‎2017-12-28 09:19 AM

In this case, I'd suggest opening a ticket with TAC and referencing this thread in it, as yours and Mason's issues seem to be the same, which leads me to believe that this may be a bug.

Should you do that, please keep this thread updated to let us know how and when the issue is resolved.

Thank you.

Ali_Mukhtar
Explorer
‎2017-12-28 10:43 AM

Install a policy with the following 

source : firewall-a,b,cluster (internal ips only)

dest: any

service : 80/443/53 domain udp 

then retest the connection with the blade 

your don’t have to do natting if the firewall already has external IP address 

let me know

cheers 

0 Kudos

Leaderboard

Epsum factorial non deposit quid pro quo hic escorol.

View All ≫
Upcoming Events

    Sort by:
    In-Person

    Tue 18 Mar 2025 @ 09:30 AM (EET)

    CheckMates Live Greece
    In-Person

    Tue 25 Mar 2025 @ 09:00 AM (EDT)

    Canada In-Person Cloud Security with Hands-On CloudGuard Workshops!
    In-Person

    Tue 25 Mar 2025 @ 12:00 PM (MDT)

    Salt Lake City: CPX 2025 Recap
    In-Person

    Tue 08 Apr 2025 @ 12:00 PM (MDT)

    Denver: CPX 2025 Recap
    CheckMates Events
    Top