This website uses cookies. By clicking Accept, you consent to the use of cookies. Click Here to learn more about how we use cookies.
Accept
Reject
ABOUT CHECKMATES & FAQ
Create a Post
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Help

Are you a member of CheckMates?

×
Sign in with your Check Point UserCenter/PartnerMap account to access more great content and get a chance to win some Apple AirPods! If you don't have an account, create one now for free!
sharkbone
Participant
‎2019-09-09 01:03 AM

Screenmirroring (Miracast) connection error

We have had the scenario where our Screen mirroring via Miracast or any other technology works only after uninstalling Checkpoint VPN/Firewall software from the affected client. Research shows that most third party VPN solutions identify WiFi Direct (the underlying technology for Miracast/screensharing) as a "Split Tunnel" connection and deem it a risk to security so they disable the functionality.

Are there alternative workarounds to this instead of totally uninstalling Checkpoint in order to get this working? We can only keep Checkpoint as our endpoint security solution (vpn / firewall) if we find a permanent solution to this problem or else management will be forced to turn to another solution. 

Refer to this post https://superuser.com/questions/1353896/miracast-connection-error-after-joining-ad-domain

0 Kudos
13 Replies
G_W_Albrecht
Legend
Legend
‎2019-09-09 03:00 AM

Did you already involve CP TAC here ? 

CCSE CCTE SMB Specialist
sharkbone
Participant
‎2019-09-09 12:56 PM
In response to G_W_Albrecht

Who or what is CP TAC? Can you please direct or connect me to this ? 

0 Kudos
Wolfgang
Mentor
Mentor
‎2019-09-09 07:52 AM

Hope TAC can help.

We are using Windows10 clients with latest EndPoint client from Check Point.

And sending the screen to another via Miracast is no problem. 

Wolfgang

sharkbone
Participant
‎2019-09-09 12:57 PM
In response to Wolfgang

How do you make this work? Do you have a special configuration? You have seen my issue and can advise exactly on what i need to do.
0 Kudos
Wolfgang
Mentor
Mentor
‎2019-09-14 03:57 AM
In response to sharkbone

No special configuration there, not on the client not on the central site. We use a normal remote VPN configuration. 

I can‘t say why it works, because we never had problems with this. 

Did you checked all your logs, maybee some of the needed connections is blocked by rules.

Wolfgang

0 Kudos
PhoneBoy
Admin
Admin
‎2019-09-09 11:02 AM

We do not require you to use Split Tunnel, do we can enforce it if you so desire.
If you still want to force Split Tunnel but allow access to local subnets, which I believe will allow WiFi Direct to work, see: https://supportcenter.checkpoint.com/supportcenter/portal?eventSubmit_doGoviewsolutiondetails=&solut...
0 Kudos
sharkbone
Participant
‎2019-09-09 12:58 PM
In response to PhoneBoy

I went to the solution but it says i require advance access . I was just able to view the solution summary but not the detail.
0 Kudos
PhoneBoy
Admin
Admin
‎2019-09-09 03:01 PM
In response to sharkbone

Unfortunately, we're not allowed to copy/paste SK articles into CheckMates.
Article requiring Advanced Access generally require having an active support agreement, which is also required to contact the TAC.
TAC contact details are here: https://www.checkpoint.com/support-services/contact-support/

Perhaps a more complete source of information around this can be found in this document, which you should be able to access: http://downloads.checkpoint.com/dc/download.htm?ID=60345
Specifically, in the section Remote Access Modes.
sharkbone
Participant
‎2019-09-09 11:40 PM
In response to PhoneBoy

Appreciate. Will have a look at it .

0 Kudos
Velocy
Participant
‎2019-09-23 03:37 AM

Hi,

there was indeed an Error with Miracast I've dealed with last year, but this was caused by a Security Bug in Checkpoint (iirc we had E80.71 and it was fixed in E80.80+). This bug caused an issue creating or modifying (like driver update) network adapters, after Checkpoint Endpoint Security has been installed. We noticed when we wanted to update the WiFi driver on some devices, but after the driver was installed, the device just had a yellow exclamation mark in the device manager.

Uninstalling Checkpoint immediately resolved the issue. After reinstalling checkpoint the device still worked.

This also affected Wireless Display / Miracast. The WiFi direct connection is created upon the first time you try to connect to a wireless display. With the bug mentioned above, the creation of the WiFi direct connection failed kind of and Wireless display didn't work. If it was used once, before the mentioned checkpoint version has been installed, it also worked afterwards.

Also, if you utilize client firewalls or the checkpoint's local firewall, make sure you configure it correctly. I think Trendmicro has a nice KB article for IP ranges and ports.

Kind regards

 

0 Kudos
Drax
Explorer
‎2019-10-08 02:19 PM
In response to Velocy

Having the same issue here.  Using client 81.10.  If you uninstall the client you are able to Miracast.  You can reinstall the client and setup your site and it will still work.  However, once you connect the vpn client Miracast stops working and will not work even when you disconnect the client.  The only thing that will allow it to work again is to uninstall the client.  

Any suggestions would be greatly appreciated.

0 Kudos
Tracy_Hazlett
Explorer
‎2022-04-19 10:10 AM
In response to Drax

Did you find a solution?  We are having the same issue you describe.  thanks. 

0 Kudos
Velocy
Participant
‎2022-04-19 10:48 AM
In response to Tracy_Hazlett

Well, if the issue appears only after the client has connected once, I'd strongly point into the firewall's direction.

The issue I had in the past was, that the WiFi Direct Connection could not be created due to a bug in CP, but that should be solved. If you have the Windows Firewall enabled I often noticed some "strange" behavior in the past. Most important thing to consider is, that from an NLA / Firewall point of view (network location awareness) the WiFi Direct connection to the Remote-Screen is considered a Private / Public connection. There is a good article from a competioner (not sure if I'm allowed to link that) that describes IP ranges and ports. Just google for: wireless display ports firewall should be in the top 5 results.

A good start troubleshooting would be, to have the feature (temporarily) enabled so a user can turn off the firewall policy of Endpoint Security, so you can check if it works without it. Also check the Windows Firewall Log (if enabled) if you can see any drops.

0 Kudos