Skip to main content

CHKP003 - Check Point Authentication Failed

Uploading.Agent error code #CHKP003 indicates that the Check Point gateway rejected the shared secret the Knocknoc agent presented to the Identity Awareness Web API. The gateway returned an explicit "wrong password" response.

This is distinct from #CHKP004, where the secret was accepted but the agent's source IP is not authorised, and from #CHKP005, where the gateway refused the request without saying which of the two was wrong. #CHKP003 specifically means the secret did not match.

Common causes include:

    The Shared Secret on the Knoc does not match the Client Secret on the Identity Web API client object in SmartConsole The Client Secret was reset on the gateway but the Knoc was not updated The wrong Identity Web API client is being matched, for example two clients configured with different secrets

    Steps to Resolve

    Reset and Re-enter the Shared Secret

      In SmartConsole, open the gateway object and go to Identity Awareness > Identity Web API > Settings Open the Authorized Client used by Knocknoc and reset its Client Secret. The Web API does not let you read the existing value back, only reset it Copy the new secret In the Knocknoc admin interface, open the connection configuration for the affected Knoc and paste it into Shared Secret Install Policy on the gateway, then save the Knoc and wait for the next grant

      For the full setup, see the Check Point setup guide.

      Back to top