CHKP052 - Check Point Access Role Not Found

Agent error code #CHKP052 indicates that the Access Role configured on the Knoc does not correspond to an Access Role object on the Check Point gateway.

Knocknoc never creates or modifies Access Roles. It only assigns an existing role to authenticated user IPs, so the role must already exist in policy and be referenced by an active rule. The Identity Web API does not validate role names ahead of time, so a mistyped role is only caught at grant time, and only on gateway versions that report the mismatch. On versions that do not, the identity is registered with the unknown role but no rule matches it, and traffic stays blocked even though no error is raised.

Common causes include:

  • The Access Role name on the Knoc has a typo, wrong case, or extra spaces
  • The Access Role object was renamed or deleted on the gateway
  • The role exists but no installed rule references it, so it has no effect

Steps to Resolve

Match the Role Name Exactly

  1. In SmartConsole, open the Object Explorer and find the Access Role object
  2. Copy its name exactly. Names are case-sensitive and must match byte for byte, including spaces, dashes, and underscores
  3. In the Knocknoc admin interface, open the ACL configuration for the Knoc and paste the name into Access Role
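
To see why a configured name fails the byte-for-byte match, the following added example (not Knocknoc or Check Point code) compares it against role names copied from SmartConsole and names the near-miss. The role names, `GATEWAY_ROLES` and `diagnose` are constructed for illustration, and the near-miss classes checked are assumptions based on the causes listed above.

```python
import re
import unicodedata

# Constructed sample: Access Role names as shown in SmartConsole's Object Explorer.
GATEWAY_ROLES = ["Knocknoc-VPN_Users", "Knocknoc Admins"]

# Dash look-alikes that NFKC normalisation does not fold to ASCII "-".
_DASHES = dict.fromkeys(map(ord, "\u2010\u2011\u2012\u2013\u2014\u2212"), "-")

def _lookalikes(s):
    # NFKC turns a non-breaking space into " " and full-width letters into ASCII.
    return unicodedata.normalize("NFKC", s).translate(_DASHES)

def _spaces(s):
    # ASCII spaces only, so a non-breaking space is reported as a look-alike.
    return re.sub(r" +", " ", s).strip(" ")

# Each step undoes one class of near-miss (hypothetical classification).
STEPS = [
    ("non-ASCII look-alike character", _lookalikes),
    ("extra leading, trailing or repeated spaces", _spaces),
    ("dash and underscore swapped", lambda s: s.replace("_", "-")),
    ("wrong case", str.casefold),
]

def _apply(name, steps):
    for _, fn in steps:
        name = fn(name)
    return name

def diagnose(configured, gateway_roles):
    """Return (role, reasons). reasons is [] on an exact byte match;
    role is None when no gateway role is even close."""
    if any(configured.encode() == r.encode() for r in gateway_roles):
        return configured, []
    for role in gateway_roles:
        if _apply(configured, STEPS) != _apply(role, STEPS):
            continue
        # A step is a reason if the names still differ when only it is skipped.
        reasons = []
        for i, (label, _) in enumerate(STEPS):
            rest = STEPS[:i] + STEPS[i + 1:]
            if _apply(configured, rest) != _apply(role, rest):
                reasons.append(label)
        return role, reasons
    return None, ["no similar Access Role found (renamed or deleted?)"]
```

Any result other than an empty reason list means the value pasted into Access Role will not match the gateway object and should be copied again from SmartConsole.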

Confirm a Rule Uses the Role

  1. In the Security Policies rulebase, confirm at least one installed rule has the Access Role as its Source
  2. If you added or changed the rule, Install Policy

For the full setup, see the Check Point setup guide.