This website uses Cookies. Click Accept to agree to our website's cookie use as described in our Privacy Policy. Click Preferences to customize your cookie settings.
Accept
Reject
Preferences
ABOUT CHECKMATES CYBER SECURITY COMMUNITY & FAQ
Create a Post
Help
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

Are you a member of CheckMates?

×
Sign in with your Check Point UserCenter/PartnerMap account to access more great content and get a chance to win some Apple AirPods! If you don't have an account, create one now for free!
Ob1lan
Collaborator
‎2020-10-15 02:19 AM

Endpoint Security on MacOS make proxies software not working

Hi, 

We've got several users complaining about a strange behavior. They are all Mac users, and have to use some proxies debuging tools software (MITMProxy, Charles Proxy) for their work.

More than 10 of them reported these tools no longer work if the Check Point Endpoint Security is installed, regardless of VPN connection state. If they uninstall the Endpoint Security tool, it works again.

Have any of you ever heard of this ? They need both software installed as most are now working from home. They also reported it still works with both for some users, regardless of MacOS version.

Thanks in advance for your help !

Regards,

Antoine

10 Replies
G_W_Albrecht
Legend Legend
Legend
‎2020-10-15 02:41 AM

Please explain if this is is managed by an EPS Server or a StandAlone VPN client. Be sure to use the newest Mac Version E83.20 client. That it works for some users sounds like there are reasons it does not work for others, but should work for all. Maybe involve TAC ?

CCSP - CCSE / CCTE / CTPS / CCME / CCSM Elite / SMB Specialist
Ob1lan
Collaborator
‎2020-10-15 03:09 AM
In response to G_W_Albrecht

Thanks for your reply. This is used to connect our office (Remote Access VPN). I'll check if there is a correlation with software version, and maybe ask them also to test a previous version.

Kobie_Bendalak
Employee Alumnus
Employee Alumnus
‎2020-10-15 02:40 AM

What blades are they using? Have you tried excluding this application?

Either way, I suggest you'll go through TAC as they can surely help in such cases.

Ob1lan
Collaborator
‎2020-10-15 03:08 AM
In response to Kobie_Bendalak

Thanks for your answer. They are simply using the Endpoint Security software for Remote Access VPN to our office. How can I exclude the relevant application ?

I'll involve TAC if I can't find a solution by myself in a timely fashion. 

Thanks !

 

G_W_Albrecht
Legend Legend
Legend
‎2020-10-15 03:13 AM
In response to Ob1lan

If you do not have an Endpoint Security Server installed and use E83.20 Check Point Endpoint Security Client for macOS, you have E83.20 Endpoint Security VPN for macOS only - no way to exclude anything here, only to disable the Desktop firewall...

CCSP - CCSE / CCTE / CTPS / CCME / CCSM Elite / SMB Specialist
Ob1lan
Collaborator
‎2020-10-16 01:48 AM
In response to G_W_Albrecht

Hi,

So to recap our investigation : it's not working with E82.00, E82.50 and E83.20. For some users it does work, but for most of them it doesn't.

We made them try E80.89, and they do not have any issue with their tools.

So right now looks like we have a workaround, but I'd like to pinpoint the actual issue to avoid having users to use that old version for too long.

Any idea what I should look for next ?

Thanks in advance.

Regards,

Antoine

 

G_W_Albrecht
Legend Legend
Legend
‎2020-10-16 02:21 AM
In response to Ob1lan

Do the few users it does work for share something ? I would look at the differences first...

CCSP - CCSE / CCTE / CTPS / CCME / CCSM Elite / SMB Specialist
0 Kudos
Ob1lan
Collaborator
‎2020-10-16 03:08 AM
In response to G_W_Albrecht

They seem to have mixed OS version, and reported that it's possible for 2 users having same OS version and same VPN client version to have different behavior : it can work alright for one of them, and not for the other one... But for all of them, there is no issue with E80.89... 

G_W_Albrecht
Legend Legend
Legend
‎2020-10-16 07:18 AM
In response to Ob1lan

If software behaves different for different users there always is a reason for the behaviour, even if we do not know it. But anyway, E80.89 is not a bad choice if you only need the VPN part of EPS and no macOSCatalina. 

CCSP - CCSE / CCTE / CTPS / CCME / CCSM Elite / SMB Specialist
PhoneBoy
Admin
Admin
‎2020-10-17 10:38 PM

I’m going to guess it’s the desktop firewall that’s the issue.
See: https://community.checkpoint.com/t5/Remote-Access-VPN/MacOS-EPS-Standalone-Client-VPN-client-Block-A...

0 Kudos

Leaderboard

Epsum factorial non deposit quid pro quo hic escorol.

View All ≫
Upcoming Events

    Sort by:
    CheckMates Events