Skip to main content

CHKP001 - Check Point Connection Timed Out

Agent error code #CHKP001 indicates that the Knocknoc agent reached the network path to the Check Point gateway but the gateway did not respond within the request time budget.

This differs from #CHKP000, where the connection could not be opened at all. With #CHKP001 the path is reachable: something accepted the connection, but no timely response came back.

Common causes include:

  • The gateway is under heavy load and slow to answer Identity Awareness Web API requests
  • A firewall or load balancer on the path is silently dropping packets rather than refusing the connection
  • The hostname points at a device that accepts the TCP connection but never completes the HTTPS exchange, such as the wrong port or a black-holed VIP
  • Transient network congestion between the agent and the gateway

Steps to Resolve

Check Gateway Health

  1. Confirm the gateway is responsive for other management traffic
  2. Check gateway CPU and load. A saturated gateway can be slow to service Web API calls

Inspect the Network Path

  1. Confirm any intermediate firewall is set to reject rather than silently drop traffic it blocks, so failures surface immediately instead of timing out
  2. If the agent egresses through a proxy or jump host, confirm that path is not adding latency or dropping the connection

Retry

  1. A transient timeout is retried automatically on the next grant or revoke
  2. If timeouts persist, run Validate connection from the Knoc page to confirm reachability

For the full setup, see the Check Point setup guide.

Back to top