CHKP000 - Failed to Connect to Check Point Gateway

Agent error code #CHKP000 indicates that the Knocknoc agent could not open a network connection to the Check Point gateway's Identity Awareness Web API. The connection failed before any TLS handshake or authentication took place.

This is a network-level failure, distinct from a timeout (#CHKP001, where the path is reachable but the gateway does not respond in time) and from a TLS error (#CHKP002, where the connection opens but the certificate is not trusted).

Common causes include:

- The Gateway Hostname configured on the Knoc is misspelled or does not resolve in DNS
- The agent host has no network route to the gateway, or a firewall between them is dropping the connection
- The Identity Awareness Web API is published on a non-standard port that was not included in the hostname (for example gw.example.com:4434)
- The gateway is powered off, or its portal service is not running

Steps to Resolve

Confirm the Gateway Hostname

- In the Knocknoc admin interface, open the connection configuration for the affected Check Point Knoc
- Check the Gateway Hostname value. It should be the hostname or IP of the gateway serving the Identity Awareness Web API, optionally with :port
- For an HA cluster, confirm it points at the cluster VIP, not an individual member

For the full setup, see the Check Point setup guide.

Test Connectivity from the Agent Host

- From the host running the Knocknoc agent, confirm DNS resolves: nslookup gw.example.com
- Confirm the port is open: nc -vz gw.example.com 443
- If either fails, the problem is in DNS, routing, or a firewall on the path, not in Knocknoc

Check the Network Path

- Confirm no firewall between the agent and the gateway is blocking outbound HTTPS
- If the agent egresses through a NAT, proxy, or jump host, confirm that path reaches the gateway
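
The DNS and port checks from "Test Connectivity from the Agent Host" can be combined into one script that reports which stage failed and points at the matching cause from the list above. This is an added example, not Knocknoc or Check Point code: the function names parse_gateway and check_gateway are hypothetical, the default port 443 is taken from the nc command above, and IPv6 literals are not handled.

```python
import errno
import socket
import sys

DEFAULT_PORT = 443  # assumption: the port used in the page's nc command

def parse_gateway(value):
    """Split a Gateway Hostname value ('host' or 'host:port') into (host, port)."""
    value = value.strip()
    host, sep, port = value.rpartition(":")
    if not sep:  # no ':port' suffix was given
        return value, DEFAULT_PORT
    if not host or not port.isdigit() or not 0 < int(port) < 65536:
        raise ValueError(f"bad Gateway Hostname value: {value!r}")
    return host, int(port)

def check_gateway(value, timeout=5.0):
    """Return (stage, detail); stage is ok, dns, refused, timeout, unreachable or error."""
    host, port = parse_gateway(value)
    try:  # same question nslookup answers: does the name resolve?
        addrs = socket.getaddrinfo(host, port, type=socket.SOCK_STREAM)
    except socket.gaierror as exc:
        return "dns", f"{host} does not resolve ({exc}); check spelling and DNS"
    last = ("error", "resolver returned no addresses")
    for family, socktype, proto, _, sockaddr in addrs:
        target = f"{sockaddr[0]}:{port}"
        with socket.socket(family, socktype, proto) as s:
            s.settimeout(timeout)
            try:  # same question nc -vz answers: does the TCP port accept?
                s.connect(sockaddr)
                return "ok", f"TCP connect to {target} succeeded"
            except ConnectionRefusedError:
                last = ("refused", f"{target} refused; wrong port or portal service not running")
            except socket.timeout:
                last = ("timeout", f"no reply from {target}; firewall drop or gateway down")
            except OSError as exc:
                no_route = exc.errno in (errno.ENETUNREACH, errno.EHOSTUNREACH)
                last = ("unreachable" if no_route else "error", f"{target}: {exc}")
    return last

if __name__ == "__main__":
    # gw.example.com is the page's placeholder hostname
    stage, detail = check_gateway(sys.argv[1] if len(sys.argv) > 1 else "gw.example.com")
    print(f"[{stage}] {detail}")
    sys.exit(0 if stage == "ok" else 1)
```

Run it on the agent host with the exact Gateway Hostname value from the Knoc configuration, so that a missing :port shows up as a refused or timed-out connection on 443.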