CHKP051 - Failed to Remove Identity from Check Point Gateway

Agent error code #CHKP051 indicates that the Knocknoc agent's request to remove a user's identity from the Check Point gateway was rejected on grant revocation or logout.

A "not found" response on removal is not treated as this error. If the identity is already gone (for example a previous removal partly succeeded, or the gateway's own session timeout already expired it) Knocknoc treats the removal as successful. #CHKP051 means the gateway actively rejected the removal.

Common causes include:

- The gateway was unreachable or returned an error during the removal
- A transient gateway-side failure
- The shared secret or source IP became invalid between the grant and the revoke (see #CHKP003, #CHKP004)

Steps to Resolve

Confirm Whether the Identity Was Removed

- On the gateway CLI, run `pdp monitor all` to list the identities the gateway currently holds
- If the user's IP is no longer listed, the identity is gone and no action is needed
- If it is still present, it is cleaned up automatically when its session timeout expires

Check Connectivity and Credentials

- Confirm the agent can still reach the gateway (see #CHKP000, #CHKP001)
- Confirm the shared secret and source IP are still valid (see #CHKP003, #CHKP004)

For the full setup, see the Check Point setup guide.