
Gateway Cannot Access Certificate Authority: Check Point Alert Guide

This is a real-life sample alert from the indeni alert guide for Check Point Firewalls for Proactive Network Management.

Description:

Some of the certificate authority (CA) servers that this device is configured to use during authentication (for example, for VPN) are not accessible. The CA servers for which an issue has been found are listed below. This may result in VPN tunnel failure (according to SK100731).

Unreachable Certificate Authorities

internal_ca (10.1.7.112)

Manual Remediation Steps:

Identify why the device cannot initiate a connection with the listed certificate authorities and correct the problem as soon as possible.

How does this alert work?

Indeni connects to all gateways and management servers and determines which gateways are configured to connect to which certificate authorities. In most cases, these are the internal certificate authorities (ICA) running on the SmartCenter/Provider-1/Multi-Domain-Manager. Then, for each gateway, indeni will test connectivity from the gateway itself to certain ports (such as 18264) on the certificate authority server. If the test fails, an alert is issued.
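
The connectivity test described above can be approximated by hand when working through the remediation step. The following is an added example, not indeni's own code: it attempts a TCP connection to each CA and classifies the failure, since a refused connection points at the CA service while a timeout points at filtering or routing on the path. The function names and the inventory format are assumptions; the CA name, address and port come from the sample alert.

```python
import socket

ICA_PORT = 18264  # the port the alert text names as an example


def probe_ca(host, port=ICA_PORT, timeout=3.0):
    """Attempt one TCP connection and classify the outcome."""
    try:
        with socket.create_connection((host, port), timeout=timeout):
            return "reachable", "TCP handshake completed"
    except socket.timeout:
        return "timeout", "no answer; packets are probably dropped or misrouted"
    except ConnectionRefusedError:
        return "refused", "host answered, but nothing listens on the port"
    except socket.gaierror as exc:
        return "dns", f"name resolution failed: {exc}"
    except OSError as exc:
        return "unreachable", f"network error: {exc.strerror or exc}"


def unreachable_cas(cas, timeout=3.0):
    """cas maps a CA object name to (host, port); return the failing entries."""
    failures = []
    for name, (host, port) in cas.items():
        status, detail = probe_ca(host, port, timeout)
        if status != "reachable":
            # Same "name (address)" layout as the alert's list of unreachable CAs.
            failures.append(f"{name} ({host}): {status} - {detail}")
    return failures


if __name__ == "__main__":
    # Hypothetical inventory built from the sample alert on this page.
    sample = {"internal_ca": ("10.1.7.112", ICA_PORT)}
    for line in unreachable_cas(sample) or ["all CAs reachable"]:
        print(line)
```

Run it from the gateway itself, because the alert concerns the path from the gateway to the CA, not from a management workstation.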
