- Products
- Learn
- Local User Groups
- Partners
- More
Access Control and Threat Prevention Best Practices
5 November @ 5pm CET / 11am ET
Ask Check Point Threat Intelligence Anything!
October 28th, 9am ET / 3pm CET
Check Point Named Leader
2025 Gartner® Magic Quadrant™ for Hybrid Mesh Firewall
HTTPS Inspection
Help us to understand your needs better
CheckMates Go:
Spark Management Portal and More!
The VPN is going down because certificates are used for IKE Phase 1 authentication; when a rekey occurs the CRL must be retrieved from the SMS/MDS to ensure the certificate has not been revoked. There is a cache for the CRL on the gateways that will help if the SMS/MDS is down for a short period, but if it is down long enough the cached CRL entries will expire and the VPN breaks at the next rekey.
You can extend the CRL cache timeout or even disable the CRL checking completely as described here:
About CheckMates
Learn Check Point
Advanced Learning
YOU DESERVE THE BEST SECURITY