E88.41 through E88.60 only support 24H2 EA (Released from Microsoft PRIOR to October 1, 2024) and only partially works with Win 11 24H2 GA (Released by Microsoft on October 1, 2024) only when you manually edit the config files to work around the VPN issue.    Sorry, not making global changes to gateway config files every time Microsoft adjusts a setting on a new Windows build.  The Checkpoint client needs to work "out the box" without having to edit the config files on every client.   Need clarification if E88.61 includes this fix/workaround natively or not.

Maybe worth TAC case to confirm for sure?

Andy

The fix is expected as part of E88.70 which was not released yet. 

Checkpoint stated their policy was 2 months from OS GA release for endpoint client support.   Microsoft Win11 24H2 GA released on October 1, 2024, Checkpoint should have had an endpoint client supporting it by December 1, 2024.   Can you check up the chain and see when E88.70 is scheduled for release? 

Thank you

The original plan was for E88.70 to be out by now.
It is actually out for macOS.
Why it is not for Windows, I can only speculate.
Perhaps @BarYassure can comment.

Probably as 24H2 has been a nightmare of issues compared to most feature releases from Microsoft.   Hopefully it doesn't become the Windows Vista of this decade!

Hi

88.70 lease for Windows is a bit late, as we are trying to maximize the CPU Consumption improvements planned for this version.
Win11 24H2 GA support is starting from E88.41 and later versions - It was initially EA, but we saw that everything is working as expected so we have changed it to GA starting E88.41.

I believe there is a significant difference in opinion between what the customer base has experienced wide spread issues with VPN components vs what you stated with E88.41 and later Win11 24H2 GA "working as expected".     

We don't agree that "working as expected" should require making global config changes to the gateway or config files changed on each and every endpoint to make it work as expected.  

The expectation is the fix/workaround become default so that the Endpoint VPN works as expected, by the customer, without modification every time Microsoft makes releases a feature update or patch.   

Please clarify Checkpoint's position on this issue.

Thank you

You are right, let me correct myself.
Starting from E88.41 we have our official support for Win11 24H2 - but I agree this is a limitation and the workaround is not the best solution.
With E88.70 we are fixing this limitation, and customers will be able to choose which version they want to use. 

Hello,

is there any news regarding this?
A client of mine has a Windows 11 24h2 image deployment on hold, awaiting the E88.70 client availability (or whatever version supposed to fully support 24H2 out of the box).

Thanks.

Same here!!!

E88.62 is coming soon as a next step.

https://community.checkpoint.com/t5/Endpoint/E88-70-and-E89-endpoint-release-for-Windows/m-p/240322/...

O yea, that was what Phoneboy said in response to my post yesterday. Any ballpark estimate about E88.70 and/or E89? 🙂

Andy

Nothing new since yesterday I'm afraid.

As they say, patience is a virtue 🙂

Andy

I checked with a couple sources while at CPX…the guidance of “next couple weeks” is still valid.

Hello,

no, not any feedback since I inquired...

Did you have a look at this other thread, on same subject :
https://community.checkpoint.com/t5/Remote-Access-VPN/Windows-11-24H2-Remote-Access-VPN/td-p/229233

Although not much more progress on the issue on that one.

Did you try the workaround in https://support.checkpoint.com/results/sk/sk182749 ?
In case it'll work for you, would be way simpler than your "amateur" workaround.

But granted, even assuming the workaround works, would be kind of frustrating to deploy hundreds or more of new machines, with a non optimum VPN client for 24H2, just to see the "right" one possibly finally released shortly after.

The SK you gave link to is what we applied for one of our customers and worked nicely, we simply did trac_client_1.ttm file on both cluster members. After modification, worth running vpn check_ttm $FWDIR/conf/trac_client_1.ttm command to make sure its good before pushing policy.

Andy