Create a Post
Razotevs
Explorer

Anti-bot/Anti-virus update failed on R81.10 with R81_10_JUMBO_HF_MAIN_Bundle_T30 on Azure

Hi,

IPS is updating just fine. Just tried manual update and it went well (so I assume it is not a connectivity issue), but for some reason anti-bot is failing and contract entitlement shouldn't be a problem. It is a PAYG NGTP Azure deployment. I saw hundreds of other topics regarding this, but non of them seems to help. Maybe I am missing something, thanks!

 

 

I am observing the following:

AB Update status:           failed

AB Update description:      Update failed. Contract entitlement check failed. Gateway can not access                                                                                                                                              internet ("https://updates.checkpoint.com/WebService/services/DownloadMetaDataService"). Check connec                                                                                                                                             tivity and proxy settings.

AB Next update description: The next try will be within one hour.

AB DB version:              2202221034

AV Update status:           failed

AV Update description:      Update failed. Contract entitlement check failed. Gateway can not access                                                                                                                                              internet ("https://updates.checkpoint.com/WebService/services/DownloadMetaDataService"). Check connec                                                                                                                                             tivity and proxy settings.

AV Next update description: The next try will be within one hour.

AV DB version:              2202200833

 

0 Kudos
3 Replies
_Val_
Admin
Admin

Did you try accessing those URLs from the GW directly?

0 Kudos
Razotevs
Explorer

From the management they work. From the Gateways no. I have them added to policy with domain objects to permit, but maybe I am missing something. How looks a proper policy to make sure the traffic is permitted to all the required FQDNs?

0 Kudos
_Val_
Admin
Admin

GWs should be allowed to reach those URLs. Look into sk83520 for more details.

0 Kudos