Solved: vpn on, network off

Andrea_Armellin · ‎2024-11-11

Hello

I have a strange problem in one pc of my enviroment.

It's windows 11 N 24h2. It has check pont mobile installed and a vpn site configured with Azure authentication.

We installed media feature pack too, because in past we had problems with windows N without media pack and vpn client.

When the vpn close (authenticated and conncected), after some seconds, pc lose internet connection even if with wifi or lan.

The only way to renable internet connection is to disable and renable network interface.

We were using 80.30 client. Upgraded to 80.60 we got same result.

Tried to use ssl network extender authentication from browser.....we got same problem.

Tried uninstall and reinstall network extender driver and check point mobile....same problem.

The only thing that work it's Capsule, but with capsule we can't use Azure authtentication (only radius mfa is available)

Any suggestions?

Thank you

PhoneBoy · ‎2024-11-11

This is a known issue with the following workaround: https://support.checkpoint.com/results/sk/sk182749

View solution in original post

the_rock · ‎2024-11-11

You definitely need to follow what @PhoneBoy suggested. BUT, make sure syntax is EXACTLY how it shows in the sk and follow all the brackets the way they are lined up in trac_client_1.ttm file, it does matter. Once you make modifications, before installing policy, run vpn_ttm_check trac_client_1.ttm to make sure there are no errors. Message me directly if you cant figure out the syntax, I can send you right one tomorrow.

Best,

Andy

View solution in original post

CheckMatesAI

This answer is provided by Infinity AI Copilot and should be confirmed by reviewing official documentation in Support Center.

It seems like the issue you're experiencing with the Check Point Mobile VPN on Windows 11 N 24h2 is related to the network interface losing connectivity after the VPN disconnects. Here are some steps you can try to resolve this issue:

Edit the Route Conflict Resolution Method:
- On the Security Gateway that is the VPN endpoint, back up the $FWDIR/conf/trac_client_1.ttm file:
```
cp trac_client_1.ttm trac_client_1.ttm.bkp 
```
- Edit the route_conflict_resolution_method parameter in the $FWDIR/conf/trac_client_1.ttm file, and set its value to default (modify):
```
:route_conflict_resolution_method ( :gateway ( :default (modify) ) ) 
```
- Install the policy on the Security Gateway.
- Reconnect with the Endpoint Security Client for the new value to take effect.
Local Configuration:
- If you cannot apply the solution on the Security Gateway, set the same parameter in the trac.defaults file on the client PC, and restart the VPN service:
  - Change the line from:
```
route_conflict_resolution_method STRING "delete_create" GLOBAL 1 
```
  - To:
```
route_conflict_resolution_method STRING "modify" GLOBAL 1 
```
Check Local Anti-Virus/Anti-Malware:
- A local Anti-Virus/Anti-Malware program may block interface updates after the VPN disconnects. Try disabling it temporarily to see if the issue resolves.
Manual DNS Configuration:
- Manually configure the IP address for the DNS server in Network Adaptor Properties to prevent DNS issues after VPN disconnection.

If these steps do not resolve the issue, I recommend contacting Check Point Support for further assistance. They can provide a more tailored solution based on your specific environment.

View solution in original post

PhoneBoy · ‎2024-11-11

This is a known issue with the following workaround: https://support.checkpoint.com/results/sk/sk182749

TheElvenPath

Hi, i have no access to that page. How could i get it? Update windows 11 and boom. Support from my organization have no solution.

PhoneBoy

Your organization should have access to this SK (assuming they have a support contract) and they can apply the fix on the gateway side, which will fix it for all users.
There is a fix you can apply on the client side, which is discussed here:
https://community.checkpoint.com/t5/Remote-Access-VPN/Windows-11-24H2-Remote-Access-VPN/m-p/229233
Make sure you stop the following services before editing trac.config on your client:

Check Point Endpoint Client Watchdog
Check Point Endpoint Security VPN

the_rock · ‎2024-11-11

You definitely need to follow what @PhoneBoy suggested. BUT, make sure syntax is EXACTLY how it shows in the sk and follow all the brackets the way they are lined up in trac_client_1.ttm file, it does matter. Once you make modifications, before installing policy, run vpn_ttm_check trac_client_1.ttm to make sure there are no errors. Message me directly if you cant figure out the syntax, I can send you right one tomorrow.

Best,

Andy

Andrea_Armellin · ‎2024-11-12

Thank you both!! It works!

the command to check the file is
vpn check_ttm trac_client_1.ttm

the_rock · ‎2024-11-12

Sorry, right, could not think of the right syntax, thats it.

Andy

CheckMatesAI

This answer is provided by Infinity AI Copilot and should be confirmed by reviewing official documentation in Support Center.

It seems like the issue you're experiencing with the Check Point Mobile VPN on Windows 11 N 24h2 is related to the network interface losing connectivity after the VPN disconnects. Here are some steps you can try to resolve this issue:

Edit the Route Conflict Resolution Method:
- On the Security Gateway that is the VPN endpoint, back up the $FWDIR/conf/trac_client_1.ttm file:
```
cp trac_client_1.ttm trac_client_1.ttm.bkp 
```
- Edit the route_conflict_resolution_method parameter in the $FWDIR/conf/trac_client_1.ttm file, and set its value to default (modify):
```
:route_conflict_resolution_method ( :gateway ( :default (modify) ) ) 
```
- Install the policy on the Security Gateway.
- Reconnect with the Endpoint Security Client for the new value to take effect.
Local Configuration:
- If you cannot apply the solution on the Security Gateway, set the same parameter in the trac.defaults file on the client PC, and restart the VPN service:
  - Change the line from:
```
route_conflict_resolution_method STRING "delete_create" GLOBAL 1 
```
  - To:
```
route_conflict_resolution_method STRING "modify" GLOBAL 1 
```
Check Local Anti-Virus/Anti-Malware:
- A local Anti-Virus/Anti-Malware program may block interface updates after the VPN disconnects. Try disabling it temporarily to see if the issue resolves.
Manual DNS Configuration:
- Manually configure the IP address for the DNS server in Network Adaptor Properties to prevent DNS issues after VPN disconnection.

If these steps do not resolve the issue, I recommend contacting Check Point Support for further assistance. They can provide a more tailored solution based on your specific environment.

Are you a member of CheckMates?

vpn on, network off