Support Center > Search Results > SecureKnowledge Details
Security Gateway cannot connect to Check Point Anti-Bot / Anti-Virus Online Web Services
Symptoms
  • "Check Point Online Web Service failure. See sk74040 for more information." log in SmartView Tracker.

  • Security Gateway cannot connect to Check Point Anti-Bot Online Web Service / Anti-Virus Online Web Service.

  • "Internal error occurred, could not connect to cws.checkpoint.com" alert log in SmartView Tracker for Application Control or URL Filtering blade.

  • Anti-Malware is not able to categorize a host out of a given URL if the hostname does not contain dots.

Cause

These Anti-Bot / Anti-Virus “Web service error” messages will be shown each time a request from the gateway to the ThreatCloud will be terminated with a timeout.

Possible causes:

  1. Connectivity issue - timeout while trying to connect to Check Point online service.

  2. Online Web Service access configuration problem - using Hold configuration for span port / tap installations.

  3. Memory allocation problem - the gateway's memory is overloaded.

  4. File extension sent to be scanned by the Anti-Virus blade contains spaces.  

  5. Check Point kernel uses URL normalization routines to get the hostname out of a given URL checking if it contains a dot character (e.g., google.com instead of google). Some internal sites use hostnames without any dot characters, and in such cases URL validation fails. As a result, Anti-Malware is unable to categorize such host.

Solution

Note: Starting from R75.47 and R76, Anti-Bot Resource Classification mode for DNS is performed in the "background" on the Security Gateway. To learn more, see sk92224 - Resource Categorization for Anti-Bot / Anti-Virus DNS Settings optimization.

 

Follow these steps:

  1. Connectivity issue - timeout while trying to connect to Check Point online service.

    Check the following:

    1. Check DNS configuration on the Security Gateway.

    2. Check Proxy configuration on the Security Gateway.

    3. Connectivity from the Security Gateway:

      [Expert@GW]# curl_cli http://cws.checkpoint.com/AntiVirus/SystemStatus/type/short

      This link should always be available and should always return a "true" value:
      <?xml version="1.0" encoding="UTF-8"?><response><allSystemsOK>true</allSystemsOK></response>

      Note: For more information about the curl, refer to cURL documentation.


  2. Online Web Service access configuration issue - using Hold configuration for span port / tap installations.

    Configure the following:

    1. In SmartDashboard, go to "Threat Prevention" tab -> expand "Advanced" -> click on "Engine Settings" -> in the "Resource classification mode" section, change from "Hold" to "Background".

    2. Install policy.


  3. Memory allocation issue - the Security Gateway's memory is overloaded.

    1. Wait for the memory consumption to decrease (for example, memory consumption is increased during policy installation, during IPS update, etc).

    2. If the memory exhaustion persists, contact Check Point Support for troubleshooting.


  4. File extension sent to be scanned by the Anti-Virus blade contains spaces

    1. Remove the file-extension property from the request (this will not affect the security of the Anti-Virus blade):

      1. On the gateway, edit the $FWDIR/conf/rad_scheme.C file (back it up before making the change).
      2. Delete the following two lines below "antivirus":
          :const ("&file_ext=")
          :value ("trapper:file_ext")


    2. Install policy on the gateway


  5. Users behind the Security Gateway try to access a non-standard URL, such as URL without dots.

    Example: URL without .com at the end.

    This problem was fixed. The fix is included in:

    Check Point recommends to always upgrade to the most recent version (upgrade Security Gateway / upgrade Security Management Server / upgrade Multi-Domain Security Management Server).

     

    For lower supported versions, Check Point Support can supply a Hotfix for this issue.
    A Support Engineer will make sure the Hotfix is compatible with your environment before providing the Hotfix.

    Hotfix installation instructions:

    1. Hotfix has to be installed on Security Gateway / each cluster member.

    2. Transfer the hotfix package to the machine (into some directory, e.g., /some_path_to_fix/).

    3. Unpack and install the hotfix package:

      [Expert@HostName]# cd /some_path_to_fix/
      [Expert@HostName]# tar -zxvf fw1_wrapper_<HOTFIX_NAME>.tgz
      [Expert@HostName]# ./fw1_wrapper_<HOTFIX_NAME>


      Note: The script will stop all the Check Point services (cpstop) - read the output on the screen.

    4. Reboot the machine.



Related solutions:
 

Applies To:
  • This SK replaces sk97628

Give us Feedback
Please rate this document
[1=Worst,5=Best]
Comment