https://community.checkpoint.com/t5/SASE-and-Remote-Access/SNX-on-linux/m-p/125454#M8240 <P>Form the gateway side error "SNX connection failed".</P> Mon, 02 Aug 2021 11:50:12 GMT Mishgek 2021-08-02T11:50:12Z https://community.checkpoint.com/t5/SASE-and-Remote-Access/SNX-on-linux/m-p/125313#M8238 <P>Hello guys! I have a problem with connection through SSL Extender on linux machine.</P><P>We have two gateways v.80.30, lets name it io.corp.com and sa.corp.com.</P><P>Client: CentOS 7.9, java-11-openjdk and all prerequisites from sk119772. SNX&nbsp; build 800010003.</P><P>SSL Extender with io.corp.com working just fine. With first connections window with certificate fingerprint pops up, we accept it and connection is established. When we try to connect to sa.corp.com. SSL Extender window closing without any error. I found error in /var/log/cshell/cshell.log. Could it be that the root of a problem is server certificate with asterisk *?</P><P>&nbsp;</P><P>30/07/2021 10:09:47 INFO [global] (Log log) [SNXNetMode] Could not connect to SNX Network Mode, probably not installed.<BR />30/07/2021 10:09:47 INFO [global] (Log log) [Launcher] Launching /usr/bin/snx -Z<BR />30/07/2021 10:09:48 INFO [CpComponent] (CpComponent initPipe) Trying to create socket to 127.0.0.1:7776<BR />30/07/2021 10:09:48 INFO [global] (Log log) [SNXNetMode] Successfully connected to SNX Network Mode.<BR />30/07/2021 10:09:48 INFO [global] (Log log) [SNXNetMode] Connection to SNX Network Mode is ok<BR />30/07/2021 10:09:48 INFO [CpComponent] (CpComponent connect) Connecting...<BR />30/07/2021 10:09:48 INFO [global] (Log log) [Proxy] detectProxy, name = sa.corp.ru<BR />30/07/2021 10:09:48 INFO [global] (Log log) [Proxy] detectProxy, proxyFullPath = /tmp/.proxy.ini<BR />30/07/2021 10:09:48 INFO [global] (Log log) [Proxy] URI = <A href="https://sa.corp.ru" target="_blank" rel="noopener">https://sa.corp.ru</A><BR />30/07/2021 10:09:48 INFO [global] (Log log) [Proxy] about to get the system-wide proxy selector...<BR />30/07/2021 10:09:48 INFO [global] (Log log) [Proxy] about select proxy list from the selector...<BR />30/07/2021 10:09:48 INFO [global] (Log log) [Proxy] about iterate the proxy list...<BR />30/07/2021 10:09:48 INFO [global] (Log log) [Proxy] about iterate the proxy #0...<BR />30/07/2021 10:09:48 INFO [global] (Log log) [Proxy] about to get address from proxy...<BR />30/07/2021 10:09:48 INFO [global] (Log log) [Proxy] no proxy - continue<BR />30/07/2021 10:09:48 INFO [global] (Log log) [Proxy] done with the list - there is no proxy<BR />30/07/2021 10:09:48 INFO [global] (Log log) [Messaging] Sending INIT_DATA message:<BR />30/07/2021 10:09:48 INFO [global] (Log log) [Messaging] Gateway IP: 95.113.123.212<BR />30/07/2021 10:09:48 INFO [global] (Log log) [Messaging] Gateway name: sa.corp.ru<BR />30/07/2021 10:09:48 INFO [global] (Log log) [Messaging] Gateway port: 443<BR />30/07/2021 10:09:48 INFO [global] (Log log) [Messaging] Proxy IP: 0.0.0.0<BR />30/07/2021 10:09:48 INFO [global] (Log log) [Messaging] Proxy port: 0<BR />30/07/2021 10:09:48 INFO [global] (Log log) [Messaging] Server CN: <FONT color="#FF0000">*.corp.ru</FONT><BR />30/07/2021 10:09:48 INFO [global] (Log log) [Messaging] User Name: USER<BR />30/07/2021 10:09:48 INFO [global] (Log log) [Messaging] Server fingerprint: SAGE LAKE DAME HARD TIDY BROW DEL SEEK IKE GLEE CRUD ION<BR />30/07/2021 10:09:48 INFO [global] (Log log) [Messaging] Automatic proxy replacement: true<BR />30/07/2021 10:09:48 INFO [global] (Log log) [Messaging] Sending INIT_DATA_EX message:<BR />30/07/2021 10:09:48 INFO [global] (Log log) [Messaging] Allow only packets from sws: false<BR />30/07/2021 10:09:48 INFO [global] (Log log) [CShell] Initialized successfully<BR />30/07/2021 10:09:49 INFO [CShellHTTPHandler] (CShellHTTPHandler proceedHandleRequest) Method name: get_is_connected<BR />30/07/2021 10:09:49 INFO [CShellHTTPHandler] (CShellHTTPHandler proceedHandleRequest) Method name: get_finished<BR />30/07/2021 10:09:49 INFO [global] (Log log) [Messaging] Received DISCONNECTED message, Error 32: Cannot establish connection to SSL Network Extender gateway. Try to reconnect.<BR />30/07/2021 10:09:49 INFO [CpComponent] (CpComponent run) Received 'Disconnect' message from SNX:<BR />ID: 32 MSG:Cannot establish connection to SSL Network Extender gateway. Try to reconnect.<BR />30/07/2021 10:09:49 WARNING [TunnelChecker] (TunnelChecker disconnectTunnel) Can't disconnect tunnel, client director is not defined.<BR />30/07/2021 10:09:49 WARNING [TunnelChecker] (TunnelChecker stop) Can't stop disconnect checker, processed handle is not defined.<BR />30/07/2021 10:09:50 INFO [CShellHTTPHandler] (CShellHTTPHandler proceedHandleRequest) Method name: Uninitialize<BR />30/07/2021 10:09:50 WARNING [TunnelChecker] (TunnelChecker disconnectTunnel) Can't disconnect tunnel, client director is not defined.<BR />30/07/2021 10:09:50 WARNING [TunnelChecker] (TunnelChecker stop) Can't stop disconnect checker, processed handle is not defined.<BR />30/07/2021 10:09:50 INFO [CShellHTTPHandler] (CShellHTTPHandler proceedHandleRequest) Method name: stop<BR />30/07/2021 10:09:50 WARNING [TunnelChecker] (TunnelChecker disconnectTunnel) Can't disconnect tunnel, client director is not defined.<BR />30/07/2021 10:09:50 WARNING [TunnelChecker] (TunnelChecker stop) Can't stop disconnect checker, processed handle is not defined.</P><P>&nbsp;</P><P>&nbsp;</P> Tue, 03 Aug 2021 06:13:47 GMT https://community.checkpoint.com/t5/SASE-and-Remote-Access/SNX-on-linux/m-p/125313#M8238 Mishgek 2021-08-03T06:13:47Z https://community.checkpoint.com/t5/SASE-and-Remote-Access/SNX-on-linux/m-p/125408#M8239 <P>What's the error message from the gateway side of things?</P> Mon, 02 Aug 2021 00:48:59 GMT https://community.checkpoint.com/t5/SASE-and-Remote-Access/SNX-on-linux/m-p/125408#M8239 PhoneBoy 2021-08-02T00:48:59Z https://community.checkpoint.com/t5/SASE-and-Remote-Access/SNX-on-linux/m-p/125454#M8240 <P>Form the gateway side error "SNX connection failed".</P> Mon, 02 Aug 2021 11:50:12 GMT https://community.checkpoint.com/t5/SASE-and-Remote-Access/SNX-on-linux/m-p/125454#M8240 Mishgek 2021-08-02T11:50:12Z https://community.checkpoint.com/t5/SASE-and-Remote-Access/SNX-on-linux/m-p/125508#M8241 <P>Where precisely are you seeing that error message?<BR />I believe you can get more information on the client side by using the -g option when invoking SNX.</P> <P>&nbsp;</P> Mon, 02 Aug 2021 20:22:07 GMT https://community.checkpoint.com/t5/SASE-and-Remote-Access/SNX-on-linux/m-p/125508#M8241 PhoneBoy 2021-08-02T20:22:07Z https://community.checkpoint.com/t5/SASE-and-Remote-Access/SNX-on-linux/m-p/125515#M8242 <P>Let me discuss this with one of my colleagues, see what he says about it, as I believe he made it work for one of our customers. Though based on errors you gave, I really agree with your logic that it could be certificate issue.</P> Tue, 03 Aug 2021 00:37:48 GMT https://community.checkpoint.com/t5/SASE-and-Remote-Access/SNX-on-linux/m-p/125515#M8242 the_rock 2021-08-03T00:37:48Z https://community.checkpoint.com/t5/SASE-and-Remote-Access/SNX-on-linux/m-p/125546#M8243 <P>I will find out about error from gateway administrator. There is logs from SNX when I invoking connection with gateways by doing command "snx -s sa.corp.ru -u user -g" and "snx -s io.corp.ru -u user -g". We dont use SNX to connect through CLI. I thought it was not supported any more? I am using Firefox 78 web browser on CentOS with java-11-openjdk (i tried 8,11,16 ande jre 8). We have Windows clients with IE which going throught sa.cotp.ru without problems.</P> Tue, 03 Aug 2021 06:12:53 GMT https://community.checkpoint.com/t5/SASE-and-Remote-Access/SNX-on-linux/m-p/125546#M8243 Mishgek 2021-08-03T06:12:53Z https://community.checkpoint.com/t5/SASE-and-Remote-Access/SNX-on-linux/m-p/126213#M8244 <P>Could it be that this hotfix <A href="https://supportcenter.checkpoint.com/supportcenter/portal?eventSubmit_doGoviewsolutiondetails=&amp;solutionid=sk113410" target="_blank">https://supportcenter.checkpoint.com/supportcenter/portal?eventSubmit_doGoviewsolutiondetails=&amp;solutionid=sk113410</A> not installed on the gateway? How to confirm it?</P> Tue, 10 Aug 2021 12:43:57 GMT https://community.checkpoint.com/t5/SASE-and-Remote-Access/SNX-on-linux/m-p/126213#M8244 Mishgek 2021-08-10T12:43:57Z https://community.checkpoint.com/t5/SASE-and-Remote-Access/SNX-on-linux/m-p/126273#M8245 <P>If you can use it from a Windows machine with Chrome (versus Internet Explorer), then the hotfix is installed.<BR />Otherwise, it's not.&nbsp;</P> Tue, 10 Aug 2021 18:02:09 GMT https://community.checkpoint.com/t5/SASE-and-Remote-Access/SNX-on-linux/m-p/126273#M8245 PhoneBoy 2021-08-10T18:02:09Z