Gateway is either unable to resolve the CA's CRL distribution point URL or it cannot reach the resolved IP.

Follow these steps:

1. Connect to command line on Mobile Access gateway (over SSH, or console).
   
   
2. Log in to Expert mode.
   
   
3. Run the following curl command for each URL below. The result should be 200 OK.
   # curl_cli -kv <URL BELOW> > /dev/null
# curl_cli -kv https://push.checkpoint.com > /dev/null
   • https://push.checkpoint.com
   • http://crl.godaddy.com/gdig2s2-12.crl
   • http://crl.godaddy.com/gdroot-g2.crl
   • http://crl.godaddy.com/gdroot.crl

Note

:To use Push Notifications, the Mobile Access gateway must have connectivity to these URLs on ports 443 and 80

1. If the above connections are active, but $FWDIR/log/pushd_failed_posts file still shows the same error, then run the following command (it allows curl to validate the certificate for 20 seconds, which is required for slow or intermittent connections):

   [Expert@HostName]# cpprod_util CPPROD_SetReserved cpshared libCurl crl_download_timeout 1 20 1
   
   

2. Restart the fwpushd process:

   [Expert@HostName]# killall fwpushd

   Wait for several seconds for the process to be restarted. Try to send push notifications again. If push still does not work, then refer to $FWDIR/log/pushd_failed_posts file.

 

---

 

Related documentation:

• R77 Mobile Access Administration Guide
  
  
• 'curl' manual page

This solution has been verified for the specific scenario, described by the combination of Product, Version and Symptoms. It may not work in other scenarios.

This solution is about products that are no longer supported and it will not be updated