CHKP003 - Check Point Authentication Failed

Agent error code #CHKP003 indicates that the Check Point gateway rejected the shared secret the Knocknoc agent presented to the Identity Awareness Web API. The gateway returned an explicit "wrong password" response.

This is distinct from #CHKP004, where the secret was accepted but the agent's source IP is not authorised, and from #CHKP005, where the gateway refused the request without saying which of the two was wrong. #CHKP003 specifically means the secret did not match.

Common causes include:

  • The Shared Secret on the Knoc does not match the Client Secret on the Identity Web API client object in SmartConsole
  • The Client Secret was reset on the gateway but the Knoc was not updated
  • The wrong Identity Web API client is being matched, for example when two clients are configured with different secrets

Steps to Resolve

Reset and Re-enter the Shared Secret

  1. In SmartConsole, open the gateway object and go to Identity Awareness > Identity Web API > Settings
  2. Open the Authorized Client used by Knocknoc and reset its Client Secret. The Web API does not let you read the existing value back, only reset it
  3. Copy the new secret
  4. In the Knocknoc admin interface, open the connection configuration for the affected Knoc and paste it into Shared Secret
  5. Install Policy on the gateway, then save the Knoc and wait for the next grant

For the full setup, see the Check Point setup guide.