CHKP051 - Failed to Remove Identity from Check Point Gateway

Agent error code #CHKP051 indicates that the Knocknoc agent's request to remove a user's identity from the Check Point gateway was rejected on grant revocation or logout.

A "not found" response on removal is not treated as this error. If the identity is already gone (for example a previous removal partly succeeded, or the gateway's own session timeout already expired it) Knocknoc treats the removal as successful. #CHKP051 means the gateway actively rejected the removal.

Common causes include:

  • The gateway was unreachable or returned an error during the removal
  • A transient gateway-side failure
  • The shared secret or source IP became invalid between the grant and the revoke (see #CHKP003, #CHKP004)

Steps to Resolve

Confirm Whether the Identity Was Removed

  1. On the gateway CLI, run pdp monitor all to list the identities the gateway currently holds
  2. If the user's IP is no longer listed, the identity is gone and no action is needed
  3. If it is still present, it is cleaned up automatically when its session timeout expires
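The check in steps 1 and 2 can be scripted. The sketch below is an added example, not Knocknoc or Check Point code: identity_present is a hypothetical helper, the sample text is constructed and is not the real layout of pdp monitor all output, and only IPv4 is handled. It matches the address as a whole token, so 10.20.30.4 is not reported as present just because 10.20.30.40 is listed, and it refuses to report "gone" when it was given no output to inspect.

```shell
#!/bin/sh
# identity_present IP  (hypothetical helper, added example)
# Reads listing text on stdin, e.g.:  pdp monitor all | identity_present 10.20.30.40
# Returns 0 if IP appears as a complete address, 1 if it does not,
# 2 if the address is malformed or there was no input to inspect.
identity_present() {
    ip=$1
    # Accept only a dotted-quad literal so nothing else reaches the regex below.
    printf '%s\n' "$ip" | grep -Eq '^([0-9]{1,3}\.){3}[0-9]{1,3}$' || return 2
    out=$(cat)
    # Empty input usually means the command failed; do not read that as "removed".
    [ -n "$out" ] || return 2
    # Escape the dots so they match literally instead of "any character".
    pattern=$(printf '%s' "$ip" | sed 's/\./\\./g')
    # The address must not be preceded or followed by a digit or a dot.
    if printf '%s\n' "$out" | grep -Eq "(^|[^0-9.])${pattern}([^0-9.]|\$)"; then
        return 0
    fi
    return 1
}

# Constructed sample text; NOT the gateway's real output layout.
SAMPLE='entry-1 ip=10.20.30.40 user=alice
entry-2 ip=192.168.1.15 user=bob'

for ip in 10.20.30.40 10.20.30.4 192.168.1.1; do
    rc=0
    printf '%s\n' "$SAMPLE" | identity_present "$ip" || rc=$?
    case $rc in
        0) echo "$ip: still held by the gateway" ;;
        1) echo "$ip: not listed" ;;
        *) echo "$ip: cannot tell (bad address or empty input)" ;;
    esac
done
```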

Check Connectivity and Credentials

  1. Confirm the agent can still reach the gateway (see #CHKP000, #CHKP001)
  2. Confirm the shared secret and source IP are still valid (see #CHKP003, #CHKP004)

For the full setup, see the Check Point setup guide.