Misconfiguration of "Management" interface on Check Point Security Gateway causes outage
  • When the "Management" interface on the Security Gateway does not have an IP address, Check Point products are not loaded after reboot.

  • It is not possible to connect to Security Gateway over SSH via other interfaces - only over console.

  • "fw stat" command shows that "defaultfilter" policy is loaded.

  • "cpwd_admin list" command returns:
    "No processes in WD database"

  • Debug of "cpstart" (per sk92987) shows that the 'CheckIP' test failed:
    "cpstart: CheckIP failed, program terminate"

  • Running "cpconfig" command shows:

    cpinst Error: Host name resolution for HOSTNAME failed.
    Local host name resolution is required for normal Check Point Security Gateway operation.
    Please correct this error and run cpstart again:
    Add an entry for HOSTNAME in /etc/hosts

  • "cat /etc/hosts" command shows only the entry for IP address ""

  • The last change on the machine before the reboot was made on the "Management" interface. One of the following was done:
    • IP address was removed from the current "Management" interface
    • "Management" interface was shut down
    • Another interface was defined as "Management" interface

If the /etc/hosts file does not contain an entry with the machine's hostname and the IP address that was assigned to the "Management" interface, then Check Point software will not load.

  • On Open Server: The IP address entered during the First Time Configuration Wizard is assigned to the first interface. This interface is considered the "Management" interface on Gaia OS, and its IP address is added to the /etc/hosts file.
  • On Check Point appliance: The interface marked as "Mgmt" (to which the administrator connects to run the First Time Configuration Wizard) is considered the "Management" interface on Gaia OS, and its IP address is added to the /etc/hosts file.
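
The condition described above can be verified before a reboot. The script below is an added example, not part of the original article and not Check Point tooling; the function names, the hostname gw1 and the sample addresses are assumptions made for illustration.

```shell
#!/bin/bash
# Added example, not Check Point code: pre-reboot check that /etc/hosts maps
# the hostname to an IP address that is still configured on an interface.

# hosts_ip_for FILE NAME: print the first IPv4 address mapped to NAME.
# Loopback and IPv6 entries are skipped (assumption: they cannot be the
# "Management" interface address the article refers to).
hosts_ip_for() {
    awk -v name="$2" '
        { sub(/#.*/, "") }                               # strip comments
        NF < 2 || $1 ~ /^127\./ || $1 ~ /:/ { next }     # blank, loopback, IPv6
        { for (i = 2; i <= NF; i++)
              if (tolower($i) == tolower(name)) { print $1; exit } }
    ' "$1"
}

# check_mgmt_hosts_entry FILE NAME IP...
# IP... are the addresses currently configured on the interfaces.
# Returns 0 = OK, 1 = no usable entry, 2 = entry IP not on any interface.
check_mgmt_hosts_entry() {
    chk_ip=$(hosts_ip_for "$1" "$2")
    chk_file=$1 chk_name=$2
    shift 2
    if [ -z "$chk_ip" ]; then
        echo "FAIL: no entry for $chk_name in $chk_file"
        return 1
    fi
    for chk_addr in "$@"; do
        if [ "$chk_addr" = "$chk_ip" ]; then
            echo "OK: $chk_name -> $chk_ip"
            return 0
        fi
    done
    echo "FAIL: $chk_name -> $chk_ip is not configured on any interface"
    return 2
}

# Live check (assumes a Linux shell on the gateway with iproute2's "ip").
check_live() {
    # Unquoted on purpose: one argument per configured address.
    check_mgmt_hosts_entry /etc/hosts "$(hostname)" \
        $(ip -o -4 addr show | awk '{ split($4, a, "/"); print a[1] }')
}

# Demo on a constructed hosts file (192.0.2.10 and gw1 are made-up values).
demo_hosts=$(mktemp)
printf '127.0.0.1 localhost\n192.0.2.10 gw1\n' > "$demo_hosts"
check_mgmt_hosts_entry "$demo_hosts" gw1 192.0.2.10   # IP present: OK
check_mgmt_hosts_entry "$demo_hosts" gw1 198.51.100.7 # IP removed: FAIL
rm -f "$demo_hosts"
```

Running check_live after any change to the "Management" interface, and before rebooting, shows whether the hostname entry still points at a configured address.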

