Security Gateways and Security Management Server require access to the Internet (either directly, or via configured proxy) for various Software Blades. The table below lists the relevant connectivity tests.
In Gaia OS, use the "
curl_cli" command (Important: Refer to sk110779 - "curl: (900) servercert: Error - server certificate validation failed!" when running "curl_cli" command).
For each of the
curl_cli commands, add the option
--cacert $CPDIR/conf/ca-bundle.crt to prevent the issue in sk110779.
In Gaia Embedded OS, use the "
wget" command. It is enough to check the connectivity only to the
http://cws.checkpoint.com server. Use the following syntax:
[http_proxy=Proxy_IP_or_HostName:Port] wget http://cws.checkpoint.com/
In SecurePlatform OS, use the "
curl" command instead of "
If IPv6 address is assigned on Security Gateway / Security Management Server, then these services should be allowed in the rulebase for IPv6 as well.
All the domains below are part of the new Updatable object “Check Point Services”. For more information on Updatable objects, see sk131852.
You can also check and subscribe to updates on the Services status page.
Specific IP addresses for the servers are not provided because they vary by region and are subject to change.
There are some Check Point Services / Software Blades that requires Proxy configuration on top of the Proxy global property configured in the object of your Security Management Server / Domain Management Server, so that connections to sigcheck.checkpoint.com will be able to pass through your Proxy server.
Examples from R7X SmartDashboard:
Note: Check if you have one those blades enabled and configure proxy settings for each of them.