topic Re: security alert when connecting via endpoint security vpn in SASE and Remote Access

security alert when connecting via endpoint security vpn

nflnetwork29 — Thu, 16 Jun 2022 15:27:48 GMT

I am trying to locate the setting for SSL certificate in cluster XL

we are using endpoint security for remote access vpn

the users are all seeing a "security warning" pop up box prior to connection

I assume a 3rd-party SSL cert would resolve the issue . Can't find where to install the certificate on the Firewall.

Any ideas?

Re: security alert when connecting via endpoint security vpn

PhoneBoy — Thu, 16 Jun 2022 16:18:26 GMT

One error message is a result of the clients unable to reach the certificate revocation list, which is stored on the management server.
The other is a result of not trusting the ICA.
You can deploy the ICA to your clients as trusted via GPO to resolve this issue.
You can also add a certificate to the IPSec VPN section of the gateway object and specify which certificate is used for Remote Access here:

Re: security alert when connecting via endpoint security vpn

nflnetwork29 — Thu, 16 Jun 2022 20:29:46 GMT

for the CRL issue we are using SAML authentication and Azure AD as our identify provider. So we do not use any LDAP account Unit . Is there a workaround for this type of setup?

For the certificate issue how do i generate the certificate sign request (CSR) ?

Re: security alert when connecting via endpoint security vpn

PhoneBoy — Fri, 17 Jun 2022 21:43:32 GMT

This is likely the CRL for the certificate used for VPN itself, which is used irrespective of the authentication method used for users.

To generate a CSR, I believe you need to import the Certificate Authority first.
Then you can use the Add button in the IPSec VPN section of the object to generate the necessary CSR.

Re: security alert when connecting via endpoint security vpn

vasgogo — Fri, 16 Dec 2022 07:33:10 GMT

Hello,

We have the same issue,

We are using SAML authentication to Azure. We have imported our CA and created/signed CSR, but the issue is the same.

Does anyone solve this alert?

Re: security alert when connecting via endpoint security vpn

PhoneBoy — Fri, 16 Dec 2022 15:22:06 GMT

Recommend involving the TAC to troubleshoot.

Re: security alert when connecting via endpoint security vpn

jnoble — Tue, 03 Sep 2024 13:21:46 GMT

Hi, were you able to resolve this issue?

Re: security alert when connecting via endpoint security vpn

Elie_Mbayabo — Fri, 05 Dec 2025 06:27:23 GMT

How did you fix this issue?

When making the Identity Provider object, if you can not have "Remote Access" as a service option.

Verify the URL in the SAML portal settings in the gateway object.
1. If using a 3rd party Certificate. The URL must match the Certificate FQDN, <fixed it by changing from IP to FQDN> https://support.checkpoint.com/results/sk/sk172909