- Products
- Learn
- Local User Groups
- Partners
- More
Access Control and Threat Prevention Best Practices
5 November @ 5pm CET / 11am ET
Ask Check Point Threat Intelligence Anything!
October 28th, 9am ET / 3pm CET
Check Point Named Leader
2025 Gartner® Magic Quadrant™ for Hybrid Mesh Firewall
HTTPS Inspection
Help us to understand your needs better
CheckMates Go:
Spark Management Portal and More!
VPN certificates are validated against the CA on rekey, whether it be the internal CA or an external one (depending on configuration).
Extended outages of management when ICA is used for VPN certificates will cause VPN issues like you experienced.
Having said that, this usually doesn’t happen for about 24 hours (not just a few, as you experienced).
The CRL should be cached, in fact, and you may want to check this sk: https://support.checkpoint.com/results/sk/sk116340
You can disable CRL checking, of course, but checking the CRL is an important security feature that should not be disabled.
See: https://community.checkpoint.com/t5/General-Topics/Failure-to-fetch-updates-from-CheckPoint-servers/...
About CheckMates
Learn Check Point
Advanced Learning
YOU DESERVE THE BEST SECURITY
