The information you are about to copy is INTERNAL!
DO NOT share it with anyone outside Check Point.
Push Notifications from Mobile Access gateway do not work for all mobile clients due to CRL fetch failures
Mobile Access / SSL VPN
Platform / Model
Push Notifications from Mobile Access gateway do not work for all mobile clients.
$FWDIR/log/pushd_failed_posts file on Mobile Access gateway shows the following error:
curl : Cloud Certificate failure due to multiple CRL fetch failures, push is now locked for sending
Gateway is either unable to resolve the CA's CRL distribution point URL or it cannot reach the resolved IP.
Follow these steps:
Connect to command line on Mobile Access gateway (over SSH, or console).
Log in to Expert mode.
Run the following curl command for each URL below. The result should be 200 OK. # curl_cli -kv <URL BELOW> > /dev/null # curl_cli -kv https://push.checkpoint.com > /dev/null
Note:To use Push Notifications, the Mobile Access gateway must have connectivity to these URLs on ports 443 and 80
If the above connections are active, but $FWDIR/log/pushd_failed_posts file still shows the same error, then run the following command (it allows curl to validate the certificate for 20 seconds, which is required for slow or intermittent connections):