Troubleshooting Check Point Firewall

This document helps you troubleshoot common problems that you might encounter when using the Check Point firewall functionalities. It covers troubleshooting for Check Point firewall certificate config fetch, discovery, CSR creation, backup, push, bind, rollback, and other actions associated with the Check Point firewall.

Issues when a device goes to the unresolved state after on-boarding

The device might have entered the unresolved state due to connectivity issues from the AppViewX installed node or CC node. In such cases, follow the steps below:
  1. Attempt to establish an SSH connection from the AppViewX installed node or CC node to the Check Point server.
  2. Verify that there is proper connectivity between the nodes and the Check Point server.

Issues when a device goes to the failed state with a version failure

When a device enters the failed state with a version check failure, it typically indicates that the system is unable to retrieve the version information from the Check Point SMS server.
  1. Log in to the Check Point SMS server via CLI using the credentials configured in AppViewX.
  2. Attempt to enter expert mode. The user should be able to switch to expert mode.
    • Verify the expert password provided during on-boarding is correct.
    • Confirm expert mode privileges are granted for the user account.
  3. Once in expert mode, execute the following command: fwm ver. The output should confirm that the server is a Check Point SMS server and display the version details of the server.
    Sample expected output:
    This is Check Point Security Management Server R81.20 - Build 440
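
The version check in step 3 can be scripted against captured command output. The following is an added example, not AppViewX or Check Point code: it classifies `fwm ver` output piped to it and maps each outcome to the checks above. The function names are hypothetical, and the two non-SMS sample inputs are constructed.

```shell
#!/bin/sh
# Added example (not AppViewX or Check Point code). Function names are hypothetical.

# Read captured `fwm ver` output on stdin.
# Return 0 and print "<version> <build>" for a Security Management Server banner,
# 1 for a Check Point banner naming another product, 2 for anything else.
parse_fwm_ver() {
    out=$(tr -d '\r')   # captured SSH output often has CRLF line endings
    parsed=$(printf '%s\n' "$out" | sed -n \
        's/^.*Check Point Security Management Server \(R[0-9][0-9.]*\) - Build \([0-9][0-9]*\).*$/\1 \2/p' \
        | head -n 1)
    if [ -n "$parsed" ]; then
        printf '%s\n' "$parsed"
        return 0
    fi
    case "$out" in
        *"Check Point"*) return 1 ;;
        *) return 2 ;;
    esac
}

# Map the result to the checks listed in the steps above.
explain_fwm_ver() {
    rc=0
    result=$(parse_fwm_ver) || rc=$?
    case "$rc" in
        0) echo "OK: Security Management Server ${result% *}, build ${result#* }" ;;
        1) echo "FAIL: Check Point banner found, but not a Security Management Server" ;;
        *) echo "FAIL: no version banner; verify expert password and expert mode privileges" ;;
    esac
}

# Sample inputs. The first is the expected output quoted above; the other two are constructed.
SAMPLE_SMS='This is Check Point Security Management Server R81.20 - Build 440'
SAMPLE_OTHER="This is Check Point's software version R81.20 - Build 440"
SAMPLE_ERR='fwm: command not found'

for sample in "$SAMPLE_SMS" "$SAMPLE_OTHER" "$SAMPLE_ERR"; do
    printf '%s\n' "$sample" | explain_fwm_ver
done
```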