Skip to main content

CHKP054 - Session Timeout Below Gateway Minimum

Agent error code #CHKP054 indicates that the per-identity session timeout Knocknoc sent with the identity was below the minimum the Check Point gateway will accept. The gateway rejected the registration as a result.

When Knocknoc registers an identity it sets a session timeout derived from the grant's remaining lifetime, so the gateway cleans the identity up on its own if the agent is offline when the grant expires. Check Point enforces a minimum on that value, 300 seconds (five minutes) by default. If a grant's lifetime is shorter than the gateway's minimum, the gateway rejects it.

Common causes include:

  • The Knoc's Maximum Grant Duration is shorter than the gateway's session-timeout minimum
  • The gateway's minimum has been raised above the default 300 seconds

Steps to Resolve

Raise the Maximum Grant Duration (Recommended)

  1. In the Knocknoc admin interface, open the affected Knoc
  2. Increase Maximum Grant Duration so grants always exceed the gateway's minimum, at least five minutes for a stock gateway
  3. This is the recommended fix for production

Or Lower the Gateway Minimum

  1. If you need short-lived grants, lower the gateway-side Identity Awareness session-timeout minimum to match
  2. This loosens the automatic cleanup window slightly, so use it only when short grants are a deliberate security choice

For the full setup, see the Check Point setup guide.

Back to top