Support Center > Search Results > SecureKnowledge Details
Standalone Endpoint Security Client for Mac OS fails to connect with "ERROR - initializing firewall" error message Technical Level
Symptoms
  • Standalone Endpoint Security Client for Mac OS fails to connect with "ERROR - initializing firewall" error message.
  • The issue does not occur on Windows clients, or on other non-Mac OS clients
  • The trac.log shows the following:
    [ 49022 771][25 Sep 15:54:51][TR_FIREWALL] CFirewallWrapper::EnforcePolicy: firewall not initialized, calling init
    
    [ 49022 771][25 Sep 15:54:51][TR_FIREWALL] CFirewallWrapper::Init: entering...
    [ 49022 771][25 Sep 15:54:51][TR_FIREWALL] CFirewallWrapper::Init: MACOS init firewall, g_kextPath=/Library/Extensions/cpfw.kext
    [ 49022 771][25 Sep 15:54:51][TR_FIREWALL] CFirewallWrapper::Init: CpfwLoadKext returned cpfwlib_kextload_failed
    [ 49022 771][25 Sep 15:54:51][TR_FIREWALL] CFirewallWrapper::Init: CpfwLoadKext Failed with error cpfwlib_kextload_failed
    [ 49022 771][25 Sep 15:54:52][TR_FIREWALL] CFirewallWrapper::Init: CpfwDiagnoseLoadKext return:
    Kext library architecture set to x86_64.
    Defaulting to kernel file'/System/Library/Kernels/kernel'
    Kext library recording diagnostics for: validation authentication dependencies warnings.
    Reading loaded kext info from kernel.
    Kext rejected due to system policy: { URL = "file:///Library/StagedExtensions/Library/Extensions/cpfw.kext/", ID = "com.checkpoint.cpfw" }
    Kext rejected due to system policy: { URL = "file:///Library/StagedExtensions/Library/Extensions/cpfw.kext/", ID = "com.checkpoint.cpfw" }
    Diagnostics for /Library/Extensions/cpfw.kext:

    [ 49022 771][25 Sep 15:54:52][TR_FIREWALL] CFirewallWrapper::EnforcePolicy: ERROR - initializing firewall
    [ 49022 771][25 Sep 15:54:52][TR_FLOW_STEP] TR_FLOW_STEP::TrFirewallStep::EnforceFirewallPolicyOnConnect: EnforcePolicy failed !!
  • Some clients are getting the following error in the GUI:
    “Connection Failed: Enforce Firewall Policy failed”
Solution

This is not a Check Point issue.

You will need to enable kernel extension during the Endpoint Security Client installation. For more information, refer to Technical Note TN2459

This solution has been verified for the specific scenario, described by the combination of Product, Version and Symptoms. It may not work in other scenarios.
Applies To:
  • "Enforce Firewall Policy Failed"

Give us Feedback
Please rate this document
[1=Worst,5=Best]
Comment