https://community.checkpoint.com/t5/SASE-and-Remote-Access/SNX-with-logon-on-MA-portal-using-internal-certificates/m-p/15439#M14147 <HTML><HEAD></HEAD><BODY><P>Another case on my testing enviroment. Trying to connect with SNX by login on mobile acces portal using internal certificate. While pushing "Connect" button, SNX fails to connect with&nbsp; reject action and errors in server logs:&nbsp;Error in disconnecting user in reason, and&nbsp;SNX connection failed in description.</P><P></P><P>If I login on MA portal using username/password, SNX connects successfuly. And I can use my native applications.</P><P></P><P>I'm using new SNX version with cshell, thats listen on localhost:14186</P><P></P><P>What I can't use internal certificates with new SNX? Old-good snx works fine</P></BODY></HTML> Thu, 30 Nov 2017 13:59:34 GMT Anton_Kazantsev 2017-11-30T13:59:34Z https://community.checkpoint.com/t5/SASE-and-Remote-Access/SNX-with-logon-on-MA-portal-using-internal-certificates/m-p/15439#M14147 <HTML><HEAD></HEAD><BODY><P>Another case on my testing enviroment. Trying to connect with SNX by login on mobile acces portal using internal certificate. While pushing "Connect" button, SNX fails to connect with&nbsp; reject action and errors in server logs:&nbsp;Error in disconnecting user in reason, and&nbsp;SNX connection failed in description.</P><P></P><P>If I login on MA portal using username/password, SNX connects successfuly. And I can use my native applications.</P><P></P><P>I'm using new SNX version with cshell, thats listen on localhost:14186</P><P></P><P>What I can't use internal certificates with new SNX? Old-good snx works fine</P></BODY></HTML> Thu, 30 Nov 2017 13:59:34 GMT https://community.checkpoint.com/t5/SASE-and-Remote-Access/SNX-with-logon-on-MA-portal-using-internal-certificates/m-p/15439#M14147 Anton_Kazantsev 2017-11-30T13:59:34Z https://community.checkpoint.com/t5/SASE-and-Remote-Access/SNX-with-logon-on-MA-portal-using-internal-certificates/m-p/15440#M14148 <HTML><HEAD></HEAD><BODY><P>Possible you may need a hotfix to address this per the following SK:&nbsp;<A class="link-titled" href="https://supportcenter.checkpoint.com/supportcenter/portal?eventSubmit_doGoviewsolutiondetails=&amp;solutionid=sk101588" title="https://supportcenter.checkpoint.com/supportcenter/portal?eventSubmit_doGoviewsolutiondetails=&amp;solutionid=sk101588">SNX connection from command line fails with "SNX: Authentication failed" when using a certificate</A>&nbsp;</P></BODY></HTML> Thu, 30 Nov 2017 18:02:32 GMT https://community.checkpoint.com/t5/SASE-and-Remote-Access/SNX-with-logon-on-MA-portal-using-internal-certificates/m-p/15440#M14148 PhoneBoy 2017-11-30T18:02:32Z https://community.checkpoint.com/t5/SASE-and-Remote-Access/SNX-with-logon-on-MA-portal-using-internal-certificates/m-p/15441#M14149 <HTML><HEAD></HEAD><BODY><P>It's&nbsp;<SPAN style="color: #000000; background-color: #ffffff; font-size: 14px;">sk101588? It applicable if I use SNX&nbsp;from cli. But I use it from browser with new cshell deployment agent. What name of the patch is? Maybe it already installed</SPAN></P></BODY></HTML> Thu, 30 Nov 2017 20:34:26 GMT https://community.checkpoint.com/t5/SASE-and-Remote-Access/SNX-with-logon-on-MA-portal-using-internal-certificates/m-p/15441#M14149 Anton_Kazantsev 2017-11-30T20:34:26Z https://community.checkpoint.com/t5/SASE-and-Remote-Access/SNX-with-logon-on-MA-portal-using-internal-certificates/m-p/15442#M14150 <HTML><HEAD></HEAD><BODY><P>I imagine the fix is similar in both the CLI and Browser case.</P><P>The name of the hotfix is unique to your specific version.</P><P>The internal notes don't mention any currently supported version.</P><P>I would follow-up with the TAC.&nbsp;</P></BODY></HTML> Thu, 30 Nov 2017 21:59:51 GMT https://community.checkpoint.com/t5/SASE-and-Remote-Access/SNX-with-logon-on-MA-portal-using-internal-certificates/m-p/15442#M14150 PhoneBoy 2017-11-30T21:59:51Z