This website uses Cookies. Click Accept to agree to our website's cookie use as described in our Privacy Policy. Click Preferences to customize your cookie settings.
Accept
Reject
Preferences
ABOUT CHECKMATES CYBER SECURITY COMMUNITY & FAQ
Create a Post
Help
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

Are you a member of CheckMates?

×
Sign in with your Check Point UserCenter/PartnerMap account to access more great content and get a chance to win some Apple AirPods! If you don't have an account, create one now for free!
CzarMark
Explorer
a week ago

Endpoint Security VPN for macOS Safari 18 compatibility problems

We are seeing that Check Point Endpoint Security VPN for macOS appears to suffer compatibility problems with Safari 18. We use Azure for authentication. Azure logs show successful authentications. However, the client stalls for about a minute then fails and displays, “Negotiation with site failed." This occurs in both the recommended version (E88.40) and the latest version (E88.60). The only workaround we have identified is to 1) Change the default browser from Safari to Chrome or Edge; and 2) use version E88.60. We have found that E88.40 ignores the default browser setting and opens Safari anyways. It is not clear what Apple changed in Safari 18. We have tested toggling different privacy settings to no avail. We have replicated the problem and the fix on more than one Mac and on more than one version of macOS (Sonoma 14.7 and Sequoia 15.0). Consequently, we implemented a 90-day deferral on all software updates via MDM until Check Point fixes its broken client.

5 Replies
PhoneBoy
Admin
Admin
a week ago

Current releases do not support Sequoia.
I suspect this will be addressed in an upcoming release in the coming weeks.

0 Kudos
CzarMark
Explorer
a week ago
In response to PhoneBoy

Please read posts carefully before replying. This is not a Sequoia issue. Apple is pushing Safari 18 to the three most-recent versions of macOS (Ventura, Sonoma, and Sequoia). For many of your customers, this will break Check Point Endpoint Security VPN functionality on all three.

0 Kudos
(1)
the_rock
Legend
Legend
a week ago

Someone also mentioned in another post that option 1 you described was indeed the way to make it work.

Andy

0 Kudos
GianniPapetti
Contributor
Monday
In response to the_rock

Same here, 

MAC Sonoma 14.7 or Sequoia both with Safari 18 cannot connect to SAML RA VPN.

Chrome works fine.

Mitigation was to first disable CP autoprotection module; change  idp_browser_mode in Trac.default file then reboot the mac client (for ease of use).

Think CP must provide a fix ASAP.

 

0 Kudos
the_rock
Legend
Legend
Monday
In response to GianniPapetti

I believe someone from Israel mentioned last week in a different post that this should be supported in next release. I will see if I can find that post.

Andy

0 Kudos

Leaderboard

Epsum factorial non deposit quid pro quo hic escorol.

View All ≫
Upcoming Events

    Sort by:
    CheckMates Events