https://community.checkpoint.com/t5/SASE-and-Remote-Access/keepalive-on-Endpoint-Security/m-p/223188#M3332 <P>The user upgraded to E88.50 and we are still seeing the issue.&nbsp; ICMP pings from his PC or router to the gateway.&nbsp;&nbsp; Is there some kind of keepalive ping check on Endpoint Security I can have him uncheck?&nbsp;&nbsp; We are trying to figure out what's sending pings back to the remote access gateway (which are dropped) dest-unreach (ICMP).&nbsp; We don't allow ping.</P> Fri, 09 Aug 2024 20:58:53 GMT Daniel_Kavan 2024-08-09T20:58:53Z https://community.checkpoint.com/t5/SASE-and-Remote-Access/keepalive-on-Endpoint-Security/m-p/223188#M3332 <P>The user upgraded to E88.50 and we are still seeing the issue.&nbsp; ICMP pings from his PC or router to the gateway.&nbsp;&nbsp; Is there some kind of keepalive ping check on Endpoint Security I can have him uncheck?&nbsp;&nbsp; We are trying to figure out what's sending pings back to the remote access gateway (which are dropped) dest-unreach (ICMP).&nbsp; We don't allow ping.</P> Fri, 09 Aug 2024 20:58:53 GMT https://community.checkpoint.com/t5/SASE-and-Remote-Access/keepalive-on-Endpoint-Security/m-p/223188#M3332 Daniel_Kavan 2024-08-09T20:58:53Z https://community.checkpoint.com/t5/SASE-and-Remote-Access/keepalive-on-Endpoint-Security/m-p/223190#M3333 <P>Yes, there is and it actually has absolutely zero to do with endpoint version. Its in global properties and its refered to below.</P> <P>Hope that helps.</P> <P>Best,</P> <P>Andy</P> <P>&nbsp;</P> <P><A href="http://downloads.checkpoint.com/dc/download.htm?ID=60345" target="_blank">http://downloads.checkpoint.com/dc/download.htm?ID=60345</A></P> <P>&nbsp;</P> <P class="x_MsoNormal">To configure tunnel idleness:</P> <P class="x_MsoNormal">1. Connect to the Security Management Server with GuiDBedit.</P> <P class="x_MsoNormal">2. Open the Global Properties &gt; properties &gt; firewall_properties object.</P> <P class="x_MsoNormal">3. Find disconnect_on_idle and these parameters:</P> <P class="x_MsoNormal">&nbsp; • do_not_check_idleness_on_icmp_packets</P> <P class="x_MsoNormal">&nbsp;&nbsp;• do_not_check_idleness_on_these_services - Enter the port numbers for the services that you want to ignore when idleness is checked.</P> <P class="x_MsoNormal">&nbsp;&nbsp;• enable_disconnect_on_idle - to enable the feature</P> <P class="x_MsoNormal">&nbsp;&nbsp;• idle_timeout_in_minutes</P> <P class="x_MsoNormal">4. Save and install the policy.</P> <P class="x_MsoNormal">&nbsp;</P> <P class="x_MsoNormal">Btw, there is ping option there you can change, so if user is somewhat savvy, they can always keep pinging say google dns in cmd and tunnel will NEVER time out, though its supposed to say after 60 mins (just as an example)</P> Sat, 10 Aug 2024 00:38:41 GMT https://community.checkpoint.com/t5/SASE-and-Remote-Access/keepalive-on-Endpoint-Security/m-p/223190#M3333 the_rock 2024-08-10T00:38:41Z https://community.checkpoint.com/t5/SASE-and-Remote-Access/keepalive-on-Endpoint-Security/m-p/223327#M3334 <P>Thanks, that 60345 link isn't opening for me.&nbsp; &nbsp; I'm looking for something to change on the client side actually.&nbsp; &nbsp;Is there a tunnel keep alive check box for example?</P> Mon, 12 Aug 2024 13:30:33 GMT https://community.checkpoint.com/t5/SASE-and-Remote-Access/keepalive-on-Endpoint-Security/m-p/223327#M3334 Daniel_Kavan 2024-08-12T13:30:33Z https://community.checkpoint.com/t5/SASE-and-Remote-Access/keepalive-on-Endpoint-Security/m-p/223331#M3335 <P>There is enable always connect, but in order for client to be able to check that, it has to be enabled in global properties, under endpoint options. Except in your case, it should say always connected.</P> <P>Andy</P> <P>&nbsp;</P> <P><span class="lia-inline-image-display-wrapper lia-image-align-inline" image-alt="Screenshot_1.png" style="width: 400px;"><img src="https://community.checkpoint.com/t5/image/serverpage/image-id/27210iF3BFCB45BE16F536/image-size/medium?v=v2&amp;px=400" role="button" title="Screenshot_1.png" alt="Screenshot_1.png" /></span></P> <P>&nbsp;</P> <P>&nbsp;</P> <P> </P> <P><span class="lia-inline-image-display-wrapper lia-image-align-inline" image-alt="Screenshot_2.png" style="width: 400px;"><img src="https://community.checkpoint.com/t5/image/serverpage/image-id/27211i6666EAD8FFDE1327/image-size/medium?v=v2&amp;px=400" role="button" title="Screenshot_2.png" alt="Screenshot_2.png" /></span></P> <P> </P> Mon, 12 Aug 2024 13:42:43 GMT https://community.checkpoint.com/t5/SASE-and-Remote-Access/keepalive-on-Endpoint-Security/m-p/223331#M3335 the_rock 2024-08-12T13:42:43Z https://community.checkpoint.com/t5/SASE-and-Remote-Access/keepalive-on-Endpoint-Security/m-p/223332#M3336 <P>It is just RAS VPN Admin guide, you can look it up as HTML page under support.checkpoint.com</P> <P>&nbsp;</P> Mon, 12 Aug 2024 13:56:21 GMT https://community.checkpoint.com/t5/SASE-and-Remote-Access/keepalive-on-Endpoint-Security/m-p/223332#M3336 _Val_ 2024-08-12T13:56:21Z https://community.checkpoint.com/t5/SASE-and-Remote-Access/keepalive-on-Endpoint-Security/m-p/223336#M3337 <P><a href="https://community.checkpoint.com/t5/user/viewprofilepage/user-id/599">@Daniel_Kavan</a>&nbsp;Glad we can help mate. If anything else, just update the thread.</P> <P>Andy</P> Mon, 12 Aug 2024 14:25:00 GMT https://community.checkpoint.com/t5/SASE-and-Remote-Access/keepalive-on-Endpoint-Security/m-p/223336#M3337 the_rock 2024-08-12T14:25:00Z