{“ResourceType”:“runtimeconfig.v1beta1.waiter”,“ResourceErrorCode”:“504”,“ResourceErrorMessage”:“Timeout expired.”}

[Joachim Zint]

what does the message mean when deploying a Check Point CloudGuard IaaS High Availability (BYOL)?

{“ResourceType”:“runtimeconfig.v1beta1.waiter”,“ResourceErrorCode”:“504”,“ResourceErrorMessage”:“Timeout expired.”}

[Fady (Google Cloud Platform)]

I assume it means that a task or a precondition timed out and “Deployment Manager” can not proceed with the deployment. So basically the marketplace solution is using Runtime Configurator as part of the deployment. This document might shed some light on the error. 

It is not clear from the error the reason for the timeout. As a starting point this troubleshooting guide about marketplace deployments might help. However, according to this Checkpoint solution article , it seems that some prerequisites for the deployment are needed. Quoting from the article:

“Cause

The Compute Engine Default Service account may not be present or enabled. 

Google Private Access may not be enabled for the Cluster Network.”

To verify the default service account you may verify this article. You may also verify this document to undelete the account (within 30 days from deletion) if you have mistakenly deleted it. You need to make sure to re-apply the IAM roles (project editor) if this is the case. As for setting a Google Private access you may verify this document. I have also found this checkpoint community post about a workaround that might help. 

Nevertheless, the marketplace solution directs to this article about how to set up the entire environment. Here is also a reference architecture that might help. 

If the above did not help, and as it is a third party solution, it is best to reach them (Checkpoint team who are maintaining the deployment) for guidance as we do not have much visibility about it. If it is affecting multiple users, they might reach us through their support channels for debugging it. I hope I pointed you in the right direction. 

[Joachim Zint]

Thx for the valuable input. I`ll check the information and I´m pretty sure it will solve my topic.

[Joachim Zint]

The error message is not a speaking one, anyway I just forgot to enable the "private access" on VPC level. Thx for your help.

[Fady (Google Cloud Platform)]

I am glad that my input helped. I agree the error message is not very user friendly. You may create a feature request explaining the use case in detail to improve it. This document should help with using issue tracker. 

Theoretically, you may get more information about the waiter if you describe it such as using this gcloud command. For that you need the config name and the waiter name.  Here is how you can list config names and describe them. Here is how you can list waiter names within a config.