CHKP005 - Check Point Request Refused

Agent error code #CHKP005 indicates that the Check Point gateway refused the request with a bare HTTP 404 or 403 and no specific error code in the body. The gateway gives the same response whether the shared secret is wrong or the agent's source IP is not authorised, so Knocknoc cannot tell the two apart and reports this combined code.

Because the cause is ambiguous, treat this as "check both" rather than a single fault. When the gateway does return a specific code, Knocknoc reports the precise cause instead: a rejected secret as #CHKP003, an unauthorised source IP as #CHKP004, and a disabled blade as #CHKP053.

Common causes include:

  • The Shared Secret on the Knoc does not match the Client Secret on the Identity Web API client
  • The agent's source IP is not the address on the host object bound to the client
  • The Identity Web API portal is not online yet because policy has not been installed since the client was configured

Steps to Resolve

Check Both the Secret and the Source IP

  1. In SmartConsole, open the gateway object and go to Identity Awareness > Identity Web API > Settings
  2. Confirm the Authorized Client's Client Secret matches the Shared Secret on the Knoc. Reset it if you are unsure (see #CHKP003)
  3. Confirm the host object bound to the client carries the agent's real source IP (see #CHKP004)

Confirm the Web API Portal Is Online

  1. Configuring the Web API only updates the management database. The portal does not come online until you Install Policy
  2. If you configured the client recently, Install Policy from SmartConsole and retry

For the full setup, see the Check Point setup guide.