The PhoneBoy Blog


Simplifying Telecom, Mobile Phones, Gadgets, and More!

FireWall-1 FAQ: Communication with site xxxx has failed

Please note: This content was from when I was operating my FireWall-1 FAQ site, which I stopped operating in August 2005. For some reason people still have links to this stuff on the Internet that people are still clicking on.


I am making this information available again AS IS. Given how old this information is, it is likely wildly inaccurate. I have no plans to update this information.


If you're still running versions of Check Point VPN-1/FireWall-1 where this information is still relevant to you, do yourself a favor and upgrade to a more recent release. If you happen to be running a current release and the information is useful, it's by happenstance :)


Q:

Whenever I try and try and connect to my site via SecuRemote, I get one of the following error messages:

No answer received from a FireWall at site xxxx

Communication with site xxxx has failed.

A:

It could be any of the following:
  • A routing problem at the client
  • Something blocking communication between the SecuRemote Client and Server
  • The username and password specified are incorrect
  • The workstation object representing the firewall object is listed with a non-routable address. It should always have the external, routable address.
  • The nodename IP address of your firewall does not resolve to a hostname. Add an entry for your nodename in the local hosts file. It should resolve to the external, routable address as above.
  • Peter van Oosterom suggests it may be because you have licensed your system against the wrong IP address. This usually isn't a problem, but Check Point recommends licensing the product against the external, routable IP address.
  • You may be trying to use DES or 3DES whereas the SecuRemote client software in use is the Export or DES version. Help->About will tell you which version of the client you have. In NG, this is no longer an issue.
  • Sometimes, SecuRemote will get deadlocked and need to be kicked. Using the NG Feature Pack 1 version of Secure Client on Windows 2000, you can clear this by killing both Check Point services in the Service and restarting them. Or do it on the command line with the following commands:

         net stop sr_service
         net stop sr_watchdog
         net start sr_watchdog

    Then restart the Secure Client GUI using the entry in the Program Menu.

C-List #Cybersecurity Celebrity, Podcaster, #noagenda Producer, Frequenter of shiny metal tubes, Expressor of personal opinions, and of course, a coffee achiever.