Subscribe to the Blog

Get articles sent directly to your inbox.

This is a real life sample alert from the indeni alert guide for Check Point Firewalls for Proactive Network Management


Some of the certificate authority servers which this device considers to be those to be used during authentication (for example – for VPN) are not accessible. The CA servers for which an issue has been found are listed below. This may result in VPN tunnel failure (according to SK100731).

Unreachable Certificate Authorities

internal_ca (

Manual Remediation Steps:

Identify why the device cannot initiate a connection with the listed certificate authorities and correct as soon as possible.

How does this alert work?

Indeni connects to all gateways and management servers and determines which gateways are configured to connect to which certificate authorities. In most cases, these are the internal certificate authorities (ICA) running on the SmartCenter/Provider-1/Multi-Domain-Manager. Then, for each gateway, indeni will test connectivity from the gateway itself to certain ports (such as 18264) on the certificate authority server. If the test fails, an alert is issued.

BlueCat acquires Indeni to boost its industry-leading DNS, DHCP and IP address management platform to help customers proactively assess network health and prevent outages.