Security Gateways and Security Management Server require access to the Internet (either directly, or via configured proxy) for various Software Blades. The table below lists the relevant connectivity tests.
-
In Gaia OS, use the "curl_cli
" command (Important: Refer to sk110779 - "curl: (900) servercert: Error - server certificate validation failed!" when running "curl_cli" command).
-
For each of the curl_cli
commands, add the option --cacert $CPDIR/conf/ca-bundle.crt
to prevent the issue in sk110779.
-
In Gaia Embedded OS, use the "wget
" command. It is enough to check the connectivity only to the http://cws.checkpoint.com
server. Use the following syntax:
[Expert@HostName:0]# [http_proxy=Proxy_IP_or_HostName:Port] wget http://cws.checkpoint.com/
-
In SecurePlatform OS, use the "curl
" command instead of "curl_cli
" command.
-
If IPv6 address is assigned on Security Gateway / Security Management Server, then these services should be allowed in the rulebase for IPv6 as well.
-
All the domains below are part of the new Updatable object “Check Point Services”. For more information on Updatable objects, see sk131852.
-
You can also check and subscribe to updates on the Services status page.
Additional Notes:
-
Specific IP addresses for the servers are not provided because they vary by region and are subject to change.
-
There are some Check Point Services / Software Blades that requires Proxy configuration on top of the Proxy global property configured in the object of your Security Management Server / Domain Management Server, so that connections to sigcheck.checkpoint.com will be able to pass through your Proxy server.
Examples from R7X SmartDashboard:
Note: Check if you have one those blades enabled and configure proxy settings for each of them.
Related Solutions:
Revision History