The information you are about to copy is INTERNAL!
DO NOT share it with anyone outside Check Point.
CloudGuard Controller fails to connect to Azure
|
Technical Level
|
Solution ID |
sk170413 |
Technical Level |
|
Product |
CloudGuard Controller, CloudGuard Network for Azure |
Version |
R80.30 |
OS |
Gaia |
Platform / Model |
Azure |
Date Created |
10-Nov-2020
|
Last Modified |
11-Nov-2020
|
Symptoms
- CloudGuard Controller fails to connect to Azure.
- CloudGuard Controller's test connection results in a connection problem.
- cloud_proxy.elg contains "
RequestError: CurlException: curl: (60) SSL certificate problem: unable to get local issuer certificate
".
- The output is correct when the user turns off curl's verification of the certificate with the --insecure option on the curl command or adds this option to the script.
Cause
CloudGuard Controller connects to the Internet via a Security Gateway (a Check Point Gateway or a Gateway from another vendor) that performs HTTPS Inspection. This causes the Azure URL's certificate to be signed by a CA that is not from Microsoft.
Solution
Configure the HTTPS inspection middlebox to bypass / allow connections from Check Point's Security Management Server to Microsoft Azure URLs.
|
This solution has been verified for the specific scenario, described by the combination of Product, Version and Symptoms. It may not work in other scenarios.
|