sharkbone
Participant

Screen mirroring (Miracast) connection error

We have had the scenario where our Screen mirroring via Miracast or any other technology works only after uninstalling Checkpoint VPN/Firewall software from the affected client. Research shows that most third party VPN solutions identify WiFi Direct (the underlying technology for Miracast/screensharing) as a "Split Tunnel" connection and deem it a risk to security so they disable the functionality.

Are there alternative workarounds to this instead of totally uninstalling Checkpoint in order to get this working? We can only keep Checkpoint as our endpoint security solution (vpn / firewall) if we find a permanent solution to this problem or else management will be forced to turn to another solution. 

Refer to this post https://superuser.com/questions/1353896/miracast-connection-error-after-joining-ad-domain

0 Kudos
13 Replies
G_W_Albrecht
Legend

Did you already involve CP TAC here?

CCSE CCTE CCSM SMB Specialist
sharkbone
Participant

Who or what is CP TAC? Can you please direct or connect me to this?

0 Kudos
Wolfgang
Authority

Hope TAC can help.

We are using Windows 10 clients with the latest EndPoint client from Check Point.

And sending the screen to another via Miracast is no problem. 

Wolfgang

sharkbone
Participant

How do you make this work? Do you have a special configuration? You have seen my issue and can advise exactly on what I need to do.
0 Kudos
Wolfgang
Authority

No special configuration there, not on the client, not on the central site. We use a normal remote VPN configuration.

I can't say why it works, because we never had problems with this.

Did you check all your logs? Maybe some of the needed connections are blocked by rules.

Wolfgang

0 Kudos
PhoneBoy
Admin

We do not require you to use Split Tunnel, though we can enforce it if you so desire.
If you still want to force Split Tunnel but allow access to local subnets, which I believe will allow WiFi Direct to work, see: https://supportcenter.checkpoint.com/supportcenter/portal?eventSubmit_doGoviewsolutiondetails=&solut...
0 Kudos
sharkbone
Participant

I went to the solution but it says I require Advanced Access. I was just able to view the solution summary but not the detail.
0 Kudos
PhoneBoy
Admin

Unfortunately, we're not allowed to copy/paste SK articles into CheckMates.
Articles requiring Advanced Access generally require having an active support agreement, which is also required to contact the TAC.
TAC contact details are here: https://www.checkpoint.com/support-services/contact-support/

Perhaps a more complete source of information around this can be found in this document, which you should be able to access: http://downloads.checkpoint.com/dc/download.htm?ID=60345
Specifically, in the section Remote Access Modes.
sharkbone
Participant

Appreciate. Will have a look at it.

0 Kudos
Velocy
Participant

Hi,

There was indeed an error with Miracast I dealt with last year, but this was caused by a security bug in Checkpoint (iirc we had E80.71 and it was fixed in E80.80+). This bug caused an issue creating or modifying (like a driver update) network adapters after Checkpoint Endpoint Security had been installed. We noticed it when we wanted to update the WiFi driver on some devices, but after the driver was installed, the device just had a yellow exclamation mark in the Device Manager.

Uninstalling Checkpoint immediately resolved the issue. After reinstalling checkpoint the device still worked.

This also affected Wireless Display / Miracast. The WiFi direct connection is created upon the first time you try to connect to a wireless display. With the bug mentioned above, the creation of the WiFi direct connection failed kind of and Wireless display didn't work. If it was used once, before the mentioned checkpoint version has been installed, it also worked afterwards.

Also, if you utilize client firewalls or the checkpoint's local firewall, make sure you configure it correctly. I think Trendmicro has a nice KB article for IP ranges and ports.

Kind regards

 

0 Kudos
Drax
Explorer

Having the same issue here. Using client 81.10. If you uninstall the client you are able to Miracast. You can reinstall the client and set up your site and it will still work. However, once you connect the VPN client, Miracast stops working and will not work even when you disconnect the client. The only thing that will allow it to work again is to uninstall the client.

Any suggestions would be greatly appreciated.

0 Kudos
Tracy_Hazlett
Explorer

Did you find a solution? We are having the same issue you describe. Thanks.

0 Kudos
Velocy
Participant

Well, if the issue appears only after the client has connected once, I'd strongly point into the firewall's direction.

The issue I had in the past was that the WiFi Direct connection could not be created due to a bug in CP, but that should be solved. If you have the Windows Firewall enabled, I often noticed some "strange" behavior in the past. The most important thing to consider is that, from an NLA / firewall point of view (Network Location Awareness), the WiFi Direct connection to the remote screen is considered a Private / Public connection. There is a good article from a competitor (not sure if I'm allowed to link that) that describes IP ranges and ports. Just google for: wireless display ports firewall; it should be in the top 5 results.

A good start for troubleshooting would be to have the feature (temporarily) enabled so a user can turn off the firewall policy of Endpoint Security, so you can check if it works without it. Also check the Windows Firewall log (if enabled) to see if there are any drops.

0 Kudos
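
The Windows Firewall log check suggested in the reply above, as an added example that is not part of any post in this thread: it parses `pfirewall.log` entries and reports drops on Miracast-related ports. The port list, the function names and the sample log lines are assumptions made for illustration; the thread itself lists no ports.

```python
from collections import Counter

# Assumption (not from the thread): commonly documented Miracast ports.
# TCP 7236 = Wi-Fi Display RTSP, TCP 7250 = Miracast over Infrastructure, UDP 5353 = mDNS.
MIRACAST_PORTS = {("TCP", 7236), ("TCP", 7250), ("UDP", 5353)}

# Constructed sample in pfirewall.log format; addresses are made up.
SAMPLE_LOG = """\
#Version: 1.5
#Software: Microsoft Windows Firewall
#Time Format: Local
#Fields: date time action protocol src-ip dst-ip src-port dst-port size tcpflags tcpsyn tcpack tcpwin icmptype icmpcode info path
2019-03-12 10:15:02 DROP TCP 192.168.137.1 192.168.137.25 49712 7236 52 S 123456 0 8192 - - - RECEIVE
2019-03-12 10:15:03 ALLOW UDP 192.168.1.20 224.0.0.251 5353 5353 0 - - - - - - - SEND
2019-03-12 10:15:05 DROP TCP 192.168.137.1 192.168.137.25 49713 7236 52 S 123457 0 8192 - - - RECEIVE
2019-03-12 10:15:09 DROP UDP 192.168.1.30 192.168.1.255 137 137 78 - - - - - - - RECEIVE
2019-03-12 10:15:11 DROP ICMP 192.168.1.1 192.168.1.20 - - 60 - - - - 8 0 - RECEIVE
"""

def parse_firewall_log(lines):
    """Yield one dict per log entry, keyed by the names in the #Fields header."""
    fields = []
    for line in lines:
        line = line.strip()
        if line.startswith("#Fields:"):
            fields = line[len("#Fields:"):].split()
        elif line and not line.startswith("#") and fields:
            values = line.split()
            if len(values) >= len(fields):  # skip truncated entries
                yield dict(zip(fields, values))

def miracast_drops(lines, ports=MIRACAST_PORTS):
    """Return DROP entries whose source or destination port is a Miracast port."""
    hits = []
    for rec in parse_firewall_log(lines):
        if rec.get("action") != "DROP":
            continue
        seen = {rec.get("src-port", "-"), rec.get("dst-port", "-")}
        if any(p.isdigit() and (rec.get("protocol"), int(p)) in ports for p in seen):
            hits.append(rec)
    return hits

def summarize(hits):
    """Count drops per (protocol, destination port, direction)."""
    return Counter((h["protocol"], h["dst-port"], h["path"]) for h in hits)

if __name__ == "__main__":
    for key, count in summarize(miracast_drops(SAMPLE_LOG.splitlines())).items():
        print(key, count)
```

On a client, pass it the lines of the Windows Firewall log (by default `%SystemRoot%\System32\LogFiles\Firewall\pfirewall.log`); drops only appear there when logging of dropped packets is enabled for the active profile.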
