Discover the Future of Cyber Security:
What’s New in Check Point’s Quantum R82
Pick the Best of the Best of
CheckMates 2024!
Share your Cyber Security Insights
On-Stage at CPX 2025
Simplifying Zero Trust Security
with Infinity Identity!
Zero Trust Implementation
Help us with the Short-Term Roadmap
CheckMates Go:
What's New in R82
VPN certificates are validated against the CA on rekey, whether it be the internal CA or an external one (depending on configuration).
Extended outages of management when ICA is used for VPN certificates will cause VPN issues like you experienced.
Having said that, this usually doesn’t happen for about 24 hours (not just a few, as you experienced).
The CRL should be cached, in fact, and you may want to check this sk: https://support.checkpoint.com/results/sk/sk116340
You can disable CRL checking, of course, but checking the CRL is an important security feature that should not be disabled.
See: https://community.checkpoint.com/t5/General-Topics/Failure-to-fetch-updates-from-CheckPoint-servers/...
About CheckMates
Learn Check Point
Advanced Learning
YOU DESERVE THE BEST SECURITY
