The information you are about to copy is INTERNAL!
DO NOT share it with anyone outside Check Point.
Push Notifications from Mobile Access gateway do not work for all mobile clients due to CRL fetch failures
Technical Level
Solution ID
sk98978
Technical Level
Product
Mobile Access / SSL VPN
Version
All
Platform / Model
All
Date Created
27-Mar-2014
Last Modified
05-Jul-2020
Symptoms
Push Notifications from Mobile Access gateway do not work for all mobile clients.
$FWDIR/log/pushd_failed_posts file on Mobile Access gateway shows the following error:
curl : Cloud Certificate failure due to multiple CRL fetch failures, push is now locked for sending
Cause
Gateway is either unable to resolve the CA's CRL distribution point URL or it cannot reach the resolved IP.
Solution
Follow these steps:
Connect to command line on Mobile Access gateway (over SSH, or console).
Log in to Expert mode.
Run the following curl command for each URL below. The result should be 200 OK. # curl_cli -kv <URL BELOW> > /dev/null # curl_cli -kv https://push.checkpoint.com > /dev/null
https://push.checkpoint.com
http://crl.godaddy.com/gdig2s2-12.crl
http://crl.godaddy.com/gdroot-g2.crl
http://crl.godaddy.com/gdroot.crl
Note:To use Push Notifications, the Mobile Access gateway must have connectivity to these URLs on ports 443 and 80
If the above connections are active, but $FWDIR/log/pushd_failed_posts file still shows the same error, then run the following command (it allows curl to validate the certificate for 20 seconds, which is required for slow or intermittent connections):
Wait for several seconds for the process to be restarted. Try to send push notifications again. If push still does not work, then refer to $FWDIR/log/pushd_failed_posts file.
This solution has been verified for the specific scenario, described by the combination of Product, Version and Symptoms. It may not work in other scenarios.
Applies To:
01383482
Give us Feedback
Thanks for your feedback!
Are you sure you want to rate this stars?
