https://community.checkpoint.com/t5/Firewall-and-Security-Management/Identity-Agent-Revoke-IP/m-p/34286#M88239 <HTML><HEAD></HEAD><BODY><P>Hi guys,</P><P></P><P>I have found an issue and its apparent on at least two of our customers firewalls. When the terminal server multi user agent is connected, if we click disconnect from gateway in agent window, or if I run the command "pdp control revoke_ip" the agent will never be able to reconnect. Even after uninstalling the agent, rebooting and reinstalling, the agent will no longer reconnect.</P><P></P><P>Is there any possibility the checkpoint or the windows server has revoked the ssl certificate meaning until I delete that revocation it will never connect?&nbsp;Even after months, the client cannot reconnect so it seems something has permanently blocked this connection (where other clients are still connected without issue) but i can't figure out where this is happening.</P><P></P><P>thanks</P></BODY></HTML> Mon, 18 Feb 2019 23:05:13 GMT Ryan_Ryan 2019-02-18T23:05:13Z https://community.checkpoint.com/t5/Firewall-and-Security-Management/Identity-Agent-Revoke-IP/m-p/34286#M88239 <HTML><HEAD></HEAD><BODY><P>Hi guys,</P><P></P><P>I have found an issue and its apparent on at least two of our customers firewalls. When the terminal server multi user agent is connected, if we click disconnect from gateway in agent window, or if I run the command "pdp control revoke_ip" the agent will never be able to reconnect. Even after uninstalling the agent, rebooting and reinstalling, the agent will no longer reconnect.</P><P></P><P>Is there any possibility the checkpoint or the windows server has revoked the ssl certificate meaning until I delete that revocation it will never connect?&nbsp;Even after months, the client cannot reconnect so it seems something has permanently blocked this connection (where other clients are still connected without issue) but i can't figure out where this is happening.</P><P></P><P>thanks</P></BODY></HTML> Mon, 18 Feb 2019 23:05:13 GMT https://community.checkpoint.com/t5/Firewall-and-Security-Management/Identity-Agent-Revoke-IP/m-p/34286#M88239 Ryan_Ryan 2019-02-18T23:05:13Z https://community.checkpoint.com/t5/Firewall-and-Security-Management/Identity-Agent-Revoke-IP/m-p/34287#M88240 <HTML><HEAD></HEAD><BODY><P>You do not mention the version used - for R77.30,&nbsp;<SPAN style="color: #333333; background-color: #ffffff;">pdp control revoke_ip should not terminate the connection (according to&nbsp;sk122838), but if you&nbsp;try to connect to the web resource again, you should be redirected to the Captive Portal (see&nbsp;Identity Awareness Administration Guide R77 Versions p.79).</SPAN></P><P></P><P><SPAN style="color: #333333; background-color: #ffffff;">So after disconnect, when trying to connect again the user&nbsp;must authenticate again. I would involve TAC here as this behaviour is&nbsp;not as expected.</SPAN></P></BODY></HTML> Tue, 19 Feb 2019 08:26:03 GMT https://community.checkpoint.com/t5/Firewall-and-Security-Management/Identity-Agent-Revoke-IP/m-p/34287#M88240 G_W_Albrecht 2019-02-19T08:26:03Z https://community.checkpoint.com/t5/Firewall-and-Security-Management/Identity-Agent-Revoke-IP/m-p/34288#M88241 <HTML><HEAD></HEAD><BODY><P>Forgot that! its R77.30.</P><P></P><P>I also forgot to mention this is the Multi User Host agent. (although it may also be present in the single user agent - have not tried that yet) Anyone else have it installed, feel free to give it a try, if you click disconnect from gateway on the agent, or if you click revoke IP, once the agent then shows disconnected, you will not get it to reconnect, although I did have success on one machine by uninstalling, rebooting and reinstalling, I have had other machines even doing that doesn't fix it.seems once you click that button&nbsp;you are stuck, (repairing connection doesn't work/factory reset settings doesnt work)</P><P></P><P>Would be very interested if someone else was able to confirm this behaviour.</P></BODY></HTML> Tue, 19 Feb 2019 22:02:02 GMT https://community.checkpoint.com/t5/Firewall-and-Security-Management/Identity-Agent-Revoke-IP/m-p/34288#M88241 Ryan_Ryan 2019-02-19T22:02:02Z https://community.checkpoint.com/t5/Firewall-and-Security-Management/Identity-Agent-Revoke-IP/m-p/34289#M88242 <HTML><HEAD></HEAD><BODY><P>I did know that the MUH Agent is used, but i found nothing more even in&nbsp;sk66761. Admin Guide speaks of&nbsp;Configure a shared secret between the Terminal Servers Identity Agents and the gateway. But then, it should just work...</P><P></P><P>This sounds like a Windows registry issue - sometimes, uninstall fails to clean the registry. sk118612 give it as&nbsp;<EM>HKEY_USERS\S-1-5-18\Software\CheckPoint\IA</EM></P></BODY></HTML> Wed, 20 Feb 2019 07:51:47 GMT https://community.checkpoint.com/t5/Firewall-and-Security-Management/Identity-Agent-Revoke-IP/m-p/34289#M88242 G_W_Albrecht 2019-02-20T07:51:47Z