We have had the scenario where our Screen mirroring via Miracast or any other technology works only after uninstalling Checkpoint VPN/Firewall software from the affected client. Research shows that most third party VPN solutions identify WiFi Direct (the underlying technology for Miracast/screensharing) as a "Split Tunnel" connection and deem it a risk to security so they disable the functionality.
Are there alternative workarounds to this instead of totally uninstalling Checkpoint in order to get this working? We can only keep Checkpoint as our endpoint security solution (vpn / firewall) if we find a permanent solution to this problem or else management will be forced to turn to another solution.
Refer to this post https://superuser.com/questions/1353896/miracast-connection-error-after-joining-ad-domain
Did you already involve CP TAC here?
Who or what is CP TAC? Can you please direct or connect me to this?
Hope TAC can help.
We are using Windows10 clients with latest EndPoint client from Check Point.
And sending the screen to another via Miracast is no problem.
Wolfgang
No special configuration there, not on the client, not on the central site. We use a normal remote VPN configuration.
I can't say why it works, because we never had problems with this.
Did you check all your logs? Maybe some of the needed connections are blocked by rules.
Wolfgang
Appreciated. Will have a look at it.
Hi,
There was indeed an error with Miracast I dealt with last year, but this was caused by a Security Bug in Checkpoint (iirc we had E80.71 and it was fixed in E80.80+). This bug caused an issue creating or modifying (like a driver update) network adapters after Checkpoint Endpoint Security had been installed. We noticed it when we wanted to update the WiFi driver on some devices, but after the driver was installed, the device just had a yellow exclamation mark in the device manager.
Uninstalling Checkpoint immediately resolved the issue. After reinstalling checkpoint the device still worked.
This also affected Wireless Display / Miracast. The WiFi direct connection is created upon the first time you try to connect to a wireless display. With the bug mentioned above, the creation of the WiFi direct connection failed kind of and Wireless display didn't work. If it was used once, before the mentioned checkpoint version has been installed, it also worked afterwards.
Also, if you utilize client firewalls or the checkpoint's local firewall, make sure you configure it correctly. I think Trendmicro has a nice KB article for IP ranges and ports.
Kind regards
Having the same issue here. Using client 81.10. If you uninstall the client you are able to Miracast. You can reinstall the client and set up your site and it will still work. However, once you connect the VPN client, Miracast stops working and will not work even when you disconnect the client. The only thing that will allow it to work again is to uninstall the client.
Any suggestions would be greatly appreciated.
Did you find a solution? We are having the same issue you describe. Thanks.
Well, if the issue appears only after the client has connected once, I'd strongly point into the firewall's direction.
The issue I had in the past was that the WiFi Direct connection could not be created due to a bug in CP, but that should be solved. If you have the Windows Firewall enabled, I often noticed some "strange" behavior in the past. The most important thing to consider is that, from an NLA / Firewall point of view (network location awareness), the WiFi Direct connection to the Remote-Screen is considered a Private / Public connection. There is a good article from a competitor (not sure if I'm allowed to link that) that describes IP ranges and ports. Just google for "wireless display ports firewall"; it should be in the top 5 results.
A good start for troubleshooting would be to have the feature (temporarily) enabled so a user can turn off the firewall policy of Endpoint Security, so you can check if it works without it. Also check the Windows Firewall log (if enabled) to see if there are any drops.
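For the Windows Firewall log check suggested in the last reply, here is one way to summarize dropped packets. This is an added example, not part of the thread or any Check Point tooling; the log excerpt, addresses and ports in it are constructed, and the function names are hypothetical.

```python
from collections import Counter

# Constructed sample in the Windows Firewall log layout (pfirewall.log);
# addresses, ports and timestamps are made up for illustration.
SAMPLE_LOG = """\
#Version: 1.5
#Software: Microsoft Windows Firewall
#Time Format: Local
#Fields: date time action protocol src-ip dst-ip src-port dst-port size tcpflags tcpsyn tcpack tcpwin icmptype icmpcode info path

2021-08-10 09:14:01 ALLOW UDP 192.168.1.20 192.168.1.1 53124 53 0 - - - - - - - SEND
2021-08-10 09:14:07 DROP TCP 192.168.137.2 192.168.137.1 49811 7236 52 S 1234567 0 64240 - - - RECEIVE
2021-08-10 09:14:08 DROP TCP 192.168.137.2 192.168.137.1 49811 7236 52 S 1234567 0 64240 - - - RECEIVE
2021-08-10 09:14:09 DROP UDP 192.168.137.2 192.168.137.1 50000 5353 80 - - - - - - - RECEIVE
2021-08-10 09:14:30 ALLOW TCP 192.168.1.20 203.0.113.10 49900 443 0 - - - - - - - SEND
"""

def parse_firewall_log(text):
    """Yield one dict per log record, keyed by the names in the #Fields header."""
    fields = []
    for line in text.splitlines():
        line = line.strip()
        if line.startswith("#Fields:"):
            fields = line[len("#Fields:"):].split()
        elif line and not line.startswith("#") and fields:
            values = line.split()
            if len(values) == len(fields):  # skip truncated or malformed rows
                yield dict(zip(fields, values))

def summarize_drops(text):
    """Count DROP records by (protocol, dst-port, path), most frequent first."""
    drops = Counter(
        (r["protocol"], r["dst-port"], r["path"])
        for r in parse_firewall_log(text)
        if r["action"] == "DROP"
    )
    return drops.most_common()

if __name__ == "__main__":
    for (proto, port, path), count in summarize_drops(SAMPLE_LOG):
        print(f"{count:4d}  {proto:4s} dst-port={port:<6s} {path}")
```

On a real client, pass the contents of the firewall log (by default `%systemroot%\system32\LogFiles\Firewall\pfirewall.log`, with dropped-packet logging enabled) captured while a Miracast connection attempt is made.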