Create a Post
cancel
Showing results for 
Search instead for 
Did you mean: 
Diogo_Buhler
Participant

Application database update failed

Hello,

I've been having a really strange issue with application control. It seams that it can't update.
I'm following CCSA course from cbt nuggets, and I've everything ok.
But when going to activate application and url filtering, for some reasons database can't be updated.

This is what I got:
- My PC behind the checkpoint gw have internet access, and can resolve names properly. (no dns problem)
- My SMS have internet access, and can resolve names properly.
- My Checkpoint GW have internet access, and can resolve names properly.

When I go into Application & URL Filtering, and press "Gateways", I get on update status: "Error in database update".
Putting the mouse over I can read:

"
Application Control: Update failed. Gatewat can not
access internet
('https://secureupdates.checkpoint.com/appi/v3_1_...
 Check connectivity and proxy settings.

URL Filtering: Update failed. Gateway ...(same thing)
"

so, i started to do some tshoot, and went to see if I can get into the page using curl_cli.
For that i whent to the checkpoint gateway and did:
"curl_cli -vk https://secureupdates.checkpoint.com/appi/v3_1_0/gw/Version"

The result is a HTTP/1.1 200 OK, and I can see the content, for example: kg_filne_name etc...
But I also noticed I get an error like:
"*servercert: Error - server certificate validation failed!"

Can this be the issue?
In any case how can i solve this?

This is a trial license, 15 days one. But as far as I know, i should be able to test application control and url filtering with it also.

If so, how can I sort this out?

Any hints, or more tshoot tips? I even changed my policy, disabling some rules, and putting any any accept. so I don't block anything.

Looking forward to get some help here, as I'm totally out of ideas 😕

Thanks in advance.

0 Kudos
9 Replies
PhoneBoy
Admin
Admin

Check Point recently switched over to using SHA-256 certificates for online updates.

If you're not using R77.30 or above, you will need a hotfix to enable this support.

Refer to the following SK for details: Check Point update and online services migration to SHA-256 based certificates 

Diogo_Buhler
Participant

I'm on R77.10 guess I need to check that hotfix. thank you. will update here later. thank you for the fast reply.

0 Kudos
PhoneBoy
Admin
Admin

If this is just for study in the lab, I would opt for R80.10 (preferred) or R77.30.

R77 - R77.20 will be End of Support in August per the following: https://www.checkpoint.com/support-services/support-life-cycle-policy/#softwaresupport 

Diogo_Buhler
Participant

Yeh, but since this is just for learning purposes I'll stick with this one, and it's good to hit this walls, and learn to overpass them. Btw, is there any other way for me to download the hotfix ( Support, Support Requests, Training, Documentation, and Knowledge base for Check Point products and ...  ) from the sk details you sent previously?
My user seams to not have rights to download them 😕

0 Kudos
PhoneBoy
Admin
Admin

Your account must be associated with an active support/software subscription agreement to download that file.

I strongly encourage you to download R80.10 instead: Check Point R80.10 

Diogo_Buhler
Participant

Thank you for all the help and support. Managed to fix the issue, but in either case already downloaded R80.10 and will rebuild the lab in that version, and learn in the most recent one.

Thanks for all.

Polash_Neog
Explorer

I have a similar situation in a production environment & i am trying to find solution. I have already checked all the readily available checks & found to be positive. My CMA and CLM are of R77.30 and gateways are of R77.10. 

It will be helpful for me if you share the process to fix the issue.

Thanks. 

0 Kudos
Diogo_Buhler
Participant

HI Polash,

as @ Dameon Welch Abernathy  shared, recently Checkpoint switched over to using SHA-256 certificates for online updates.

As so you need to install an hotfix: Check Point update and online services migration to SHA-256 based certificates 

For my case I've downloaded and installed the hotfix form section: 2-B for version R77.10a (2)

I've installed the hotfix on SMS, and gateways, and worked good to do the updates of database application.

In either case, I suggest you to update to version R80.10

Polash_Neog
Explorer

Thanks a lot for the help and support.

Leaderboard

Epsum factorial non deposit quid pro quo hic escorol.

Upcoming Events

    CheckMates Events