The information you are about to copy is INTERNAL!
DO NOT share it with anyone outside Check Point.
|
First Time Configuration Wizard is stuck at 90%
|
Technical Level
|
| Solution ID |
sk115613 |
| Technical Level |
|
| Product |
Quantum Security Gateways, Quantum Spark Appliances, Quantum Smart-1, Threat Emulation, Quantum Appliances |
| Version |
R75 (EOL), R76 (EOL), R77 (EOL), R80 (EOL), R80.10 (EOL), R80.20 (EOL), R80.30 (EOL) |
| OS |
Gaia |
| Platform / Model |
2000, 3000, 4000, 5000, 12000, 13000, 15000, 21000, 23000, Threat Emulation, Smart-1, Power-1 (EOL), VSX-1 (EOL), UTM-1 (EOL) |
| Date Created |
22-Jan-2017
|
| Last Modified |
29-Jul-2020
|
Symptoms
First Time Configuration Wizard is stuck in web browser at 90% (even after several hours).
Traffic capture on the Host (from which user connects) shows that the web browser repeatedly sends HTTP "GET" requests, but the Check Point Security Gateway does not respond.
Development Tools in the web browser (e.g., Chrome, Firefox) show that the web browser repeatedly sends HTTP "GET" requests to the Check Point Security Gateway, but the Check Point Security Gateway does not respond.
Example from Firefox:
Output of "netstat -ant | grep -E "Proto|443|<IP_of_Host>" command on the Check Point Security Gateway shows that connection from Check Point Security Gateway to the Host is stuck in the "FIN_WAIT2" state.
Example:
[Expert@HostName:0]# netstat -tan | grep -E "Proto|443|<IP_of_Host>"
Proto Recv-Q Send-Q Local Address Foreign Address State
tcp 0 0 <IP_of_Appliance>:443 <IP_of_Host>:<Port> FIN_WAIT2
Cause
TCP specification does not state that the "FIN_WAIT_2" state has a timeout (reference: https://httpd.apache.org).
In some cases, this can cause the TCP connection not to terminate.
Per RFC 793:
FIN-WAIT-2 - represents waiting for a connection termination request from the remote TCP.
Solution
|
Note: To view this solution you need to
Sign In
.
|
