SMB SSL VPN RA client

Document created by Günther W. Albrecht on May 17, 2018
Version 1Show Document
  • View in full screen mode

SSL Network Extender, short SNX, on SMB called SSL VPN, is a lightweight RA VPN client for Win, Mac and Linux. The same clients are presented on GAiA GWs and SMBs - but GAiA also features the MAB portal and functionality that is not available on SMB units. The SNX client is older than MAB (earlier called Connectra) and it also still exists as a legacy client without MAB - but it is used much more often as part of Mobile Access.

 

The main difference between SNX on Embedded and Non-Embedded GAiA is that GAiA has SNX in $CVPNDIR/htdocs/SNX/CSHELL/extender.cab  (the SNXComponentsShell.msi is located in the extender.cab file), on SMB we can find it in /storage/extender/CSHELL/extender.cab. And on GAiA, SNX folder is installed by default with every CP GW installation and updated by e.g. Jumbo Takes. In SMB, the SNX folder is rather empty as the SNX clients are not included in the SMB firmware because of its size, but downloaded from CP only in case they are needed, see sk100319.

 

This usually works very well with locally managed SMB units, but showed issues on centrally managed ones, see the CheckMates discussion Problem with SNX. To resolve this, you can either take SNX from another (locally managed) SMB unit or change management mode, try to connect to SNX if not done already, copy the updated folder and change back. See also the SKs listed further down the page.

 

For configuration purposes, SNX is also featured in Advanced Settings - an example is the parameter:
VPN Remote Access - SNX uninstall
Default Value: Do not uninstall
Indicates when and if the SSL Network Extender client will uninstall itself upon disconnection

 

And we also have a couple of SKs about SNX on SMB:

 

sk94695    SNX VPN disconnects every 20 minutes when connecting to Check Point appliances 600 / 1100
sk97771    SNX portal fails to load on 1100 Appliance
sk98112    "The resource is temporarily unavailable" message when trying to access the SNX Portal on a 1100 appliance
sk99132    Setting SNX connection timeout in 600_1100 appliances for R75.20 HFA50
sk100319    SNX temporarily unavailable
sk112314    SNX client support for AES-256 encryption when connecting to Security Gateway
sk115854    "Cannot establish connection to SSL Network Extender gateway. Try to reconnect" message when trying to connect via SNX after firmware was upgraded to R77.20.51 (or above)

3 people found this helpful

Attachments

    Outcomes