Troubleshooting of Cloud Firewall for AWS Auto Scaling Groups
- To test the configuration, run these commands on the Security Management Server:
  - Stop the cme service (recommended):
      service cme stop
  - Run the cme test:
      service cme test
    Check the output of this command to verify that your setup is working properly.
  - Start the cme service (if it was stopped before the test):
      service cme start
  Note - The Security Management Server's clock must be set correctly, preferably with NTP. A synchronized clock is necessary to make API calls into AWS.
- Review logs created by the cme service on the Security Management Server (the /opt/CPcme/var/log/cme.log* files).
- Make sure that the external ELB is associated with the Auto Scaling group: the Cloud Firewall Gateways show on the Targets tab of the external ELB's target group.
- Make sure that the status of the Cloud Firewall Gateways is reported as Healthy.
  Check the Health Check setting on the Cloud Firewall Gateways target group.
- If you enabled the CloudWatch metrics and you do not see the metrics in the AWS console, run this command:
    /sbin/cloudwatch start
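
The two ELB checks above (the gateways appear as targets of the external ELB's target group, and their status is Healthy) can also be run against saved AWS CLI output instead of the console. This is an added example, not Check Point code; the sample JSON, instance IDs, target group ARN and the function name check_gateways are constructed for illustration.

```python
import json

# Constructed sample of the output of:
#   aws autoscaling describe-auto-scaling-groups --auto-scaling-group-names <name>
ASG_JSON = """{"AutoScalingGroups": [{"AutoScalingGroupName": "example-asg",
  "TargetGroupARNs": ["arn:aws:elasticloadbalancing:us-east-1:111122223333:targetgroup/example-tg/0123456789abcdef"],
  "Instances": [
    {"InstanceId": "i-0aaa", "LifecycleState": "InService"},
    {"InstanceId": "i-0bbb", "LifecycleState": "InService"},
    {"InstanceId": "i-0ccc", "LifecycleState": "InService"}]}]}"""

# Constructed sample of the output of:
#   aws elbv2 describe-target-health --target-group-arn <arn>
HEALTH_JSON = """{"TargetHealthDescriptions": [
  {"Target": {"Id": "i-0aaa"}, "TargetHealth": {"State": "healthy"}},
  {"Target": {"Id": "i-0bbb"},
   "TargetHealth": {"State": "unhealthy", "Reason": "Target.Timeout"}}]}"""

# Constructed ARN of the external ELB's target group.
TG_ARN = "arn:aws:elasticloadbalancing:us-east-1:111122223333:targetgroup/example-tg/0123456789abcdef"


def check_gateways(asg_doc, health_doc, tg_arn):
    """Return a list of (subject, problem); an empty list means both checks pass."""
    findings = []
    asg = asg_doc["AutoScalingGroups"][0]
    # Check 1: the target group is attached to the Auto Scaling group.
    if tg_arn not in asg.get("TargetGroupARNs", []):
        findings.append(("asg", "target group not attached to Auto Scaling group"))
    states = {d["Target"]["Id"]: d["TargetHealth"]
              for d in health_doc["TargetHealthDescriptions"]}
    for inst in asg["Instances"]:
        if inst["LifecycleState"] != "InService":
            continue  # launching or terminating instances may legitimately be absent
        iid = inst["InstanceId"]
        health = states.get(iid)
        if health is None:
            # Gateway is in service but does not show as a target.
            findings.append((iid, "not registered in target group"))
        elif health["State"] != "healthy":
            # Check 2: every registered gateway must be reported as healthy.
            reason = health.get("Reason", "no reason given")
            findings.append((iid, f'{health["State"]} ({reason})'))
    return findings


if __name__ == "__main__":
    docs = json.loads(ASG_JSON), json.loads(HEALTH_JSON)
    for subject, problem in check_gateways(*docs, TG_ARN):
        print(f"{subject}: {problem}")
```

A reason such as Target.Timeout or Target.FailedHealthChecks points back to the Health Check setting on the target group.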