Certificate authority not accessible for Check Point


Check Point


If the certificate authority is not accessible to a firewall, VPN tunnels relying on certificates may fail.

Remediation Steps

Identify why the device cannot initiate a connection with the listed servers.

How does this work?

By checking the current connections on port 257 and then attempting to connect to the same IP on port 18264 the connection is verified.

Why is this important?

Devices that maintain VPN tunnels might authenticate using certificates, especially if both devices on either end of the tunnel are managed by the same management server. They would then need to connect to the management server to exchange certificates. If this communication is not working VPN tunnels could fail.

Without Indeni how would you find this?

An administrator could login and manually run the command.

View Source Code