This website uses Cookies. Click Accept to agree to our website's cookie use as described in our Privacy Policy. Click Preferences to customize your cookie settings.
Accept
Reject
Preferences
ABOUT CHECKMATES CYBER SECURITY COMMUNITY & FAQ
Help

Who rated this post

cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
PhoneBoy
Admin
Admin
‎2024-08-23 05:51 AM

VPN certificates are validated against the CA on rekey, whether it be the internal CA or an external one (depending on configuration).
Extended outages of management when ICA is used for VPN certificates will cause VPN issues like you experienced.

Having said that, this usually doesn’t happen for about 24 hours (not just a few, as you experienced).
The CRL should be cached, in fact, and you may want to check this sk: https://support.checkpoint.com/results/sk/sk116340

You can disable CRL checking, of course, but checking the CRL is an important security feature that should not be disabled.
See: https://community.checkpoint.com/t5/General-Topics/Failure-to-fetch-updates-from-CheckPoint-servers/...

View solution in original post

(1)
Who rated this post