Create a Post
cancel
Showing results for 
Search instead for 
Did you mean: 
CzarMark
Explorer

Endpoint Security VPN for macOS Safari 18 compatibility problems

We are seeing that Check Point Endpoint Security VPN for macOS appears to suffer compatibility problems with Safari 18. We use Azure for authentication. Azure logs show successful authentications. However, the client stalls for about a minute then fails and displays, “Negotiation with site failed." This occurs in both the recommended version (E88.40) and the latest version (E88.60). The only workaround we have identified is to 1) Change the default browser from Safari to Chrome or Edge; and 2) use version E88.60. We have found that E88.40 ignores the default browser setting and opens Safari anyways. It is not clear what Apple changed in Safari 18. We have tested toggling different privacy settings to no avail. We have replicated the problem and the fix on more than one Mac and on more than one version of macOS (Sonoma 14.7 and Sequoia 15.0). Consequently, we implemented a 90-day deferral on all software updates via MDM until Check Point fixes its broken client.

8 Replies
PhoneBoy
Admin
Admin

Current releases do not support Sequoia.
I suspect this will be addressed in an upcoming release in the coming weeks.

0 Kudos
CzarMark
Explorer

Please read posts carefully before replying. This is not a Sequoia issue. Apple is pushing Safari 18 to the three most-recent versions of macOS (Ventura, Sonoma, and Sequoia). For many of your customers, this will break Check Point Endpoint Security VPN functionality on all three.

0 Kudos
(1)
G_W_Albrecht
Legend Legend
Legend

Please rather read https://support.checkpoint.com/results/sk/sk115192 carefully to know what CP is commited to regarding new versions... Safari 18 would be covered by the disclaimer.

CCSE / CCTE / CTPS / CCME / CCSM Elite / SMB Specialist
0 Kudos
the_rock
Legend
Legend

Someone also mentioned in another post that option 1 you described was indeed the way to make it work.

Andy

0 Kudos
GianniPapetti
Contributor

Same here, 

MAC Sonoma 14.7 or Sequoia both with Safari 18 cannot connect to SAML RA VPN.

Chrome works fine.

Mitigation was to first disable CP autoprotection module; change  idp_browser_mode in Trac.default file then reboot the mac client (for ease of use).

Think CP must provide a fix ASAP.

 

0 Kudos
the_rock
Legend
Legend

I believe someone from Israel mentioned last week in a different post that this should be supported in next release. I will see if I can find that post.

Andy

0 Kudos
PhoneBoy
Admin
Admin

We just released E88.70 of Endpoint Security/VPN, which supports Sequoia as Early Availability: https://support.checkpoint.com/results/sk/sk182646 
It might also resolve the issues with the latest Safari as well.

0 Kudos
GianniPapetti
Contributor

We resolved using E88.x with Chrome.

Will give 88.70 a try.

Regards,

Gianni.

0 Kudos

Leaderboard

Epsum factorial non deposit quid pro quo hic escorol.

Upcoming Events

    CheckMates Events