- Products
- Learn
- Local User Groups
- Partners
- More
On-Premise SD-WAN Management
Register HereWhat's New in R82.10?
Watch Here AI Security Masters E8:
Claude Mythos: New Era in Cyber Security
CheckMates Go:
The Moment Before
Hi,
Had a weird issue that has never happened before. Upgrading caused a weird VPN issue going from R82 to R82.10
Upgrade worked fine, running tests, last one VPN failed - when testing with Capsule via Android, IOS or Windows I got capsule conenctions failing - message either malfomed reply from site or SSL error - failed to read data from site
Logs showed certificate mismatch
When connecting - VPN is connecting to fw2.*******.com, but gateway present default certificate
CN = ****** VPN Certificate
No matter what I do to state use fw2 cert, still fails
Any thoughts or ideas greatly appreciated
Currently rolled back snapshot so I can get VPN's working
Regards
Wayne
Did you install a recent jumbo update after the R82.10 installation? Otherwise you will encounter:
|
PRJ-66998, PRJ-67000, PRJ-67034, PMTR-124920, PRHF-44366 |
VPN, Internal CA |
Starting March 1st, 2026, newly created certificates and newly generated CRL may fail validation. Refer to sk184766. |
Cheers, so the 15th Jun R82.10 build doesnt include the CRL validation HF?
If you upgraded using the combined R82.10 / JHF take 24 package, then yes that fix was included.
yes i used - R82.10 Security Gateway + JHF T24 for Appliances and Open Servers
Aside from the cert thing @Lesley mentioned, just confirming you installed policy AFTER upgrading to R82.10?
Installing policy with the gateway object set to the correct version is a necessary post-upgrade step.
I pushed policy
As a follow up i built an lab test R82 open server in VMware - configured it, this time just using default certificate - VPN works from test laptop. Took a snapshot - upgraded to R82.10 - changed build, pushed policy - VPN fails - so something else is happening I think?
Best to get TAC involved here.
I have logged a case with TAC - in the meantime here is some further info, to see if you guys can possibly assist?
I have two standalone (non-clustered) gateways:
The current Remote Access VPN Community contains FW1 only.
Result:
When FW2 is upgraded to R82.10, Capsule VPN fails unless FW2 is added to the Remote Access Community.
After adding FW2 to the Remote Access Community and installing policy:
So has there has been a behavioural or configuration change in R82.10 which now requires a Security Gateway to be included in a Remote Access Community for Remote Access VPN functionality?
My understanding is that:
Is this:
I have built a VM R82 - taken a snapshot - configured it exactly like my FW2 and Capsule connections work.
Upgrade to R82.10 Capsule fails, make it a member of Remote Access VPN community, Capsule and Endpoint work.
So there is clear picture R82.10 requires RA VPN, whereas R82 seemed not to be so fussy?
So is there;
Based on your description and the fact we require the gateway being in the RemoteAccess VPN community for other clients, I'd say it was a requirement not enforced in earlier releases.
TAC should be able to confirm.
Thanks - I will wait for TAC
Leaderboard
Epsum factorial non deposit quid pro quo hic escorol.
| User | Count |
|---|---|
| 12 | |
| 6 | |
| 4 | |
| 3 | |
| 3 | |
| 3 | |
| 3 | |
| 2 | |
| 2 | |
| 2 |
Fri 10 Jul 2026 @ 11:00 AM (IDT)
CheckMates Live Netherlands - Sessie 48: Nieuwe Check Point Workspace SecurityTue 14 Jul 2026 @ 10:00 AM (PDT)
AI Security Masters E11: READY OR NOT: Securing the AI Enterprise 3/5 - AI Workforce SecurityThu 30 Jul 2026 @ 10:00 AM (PDT)
AI Security Masters E12: READY OR NOT: Securing the AI Enterprise 4/5 - AI GatewayFri 10 Jul 2026 @ 11:00 AM (IDT)
CheckMates Live Netherlands - Sessie 48: Nieuwe Check Point Workspace SecurityTue 14 Jul 2026 @ 10:00 AM (PDT)
AI Security Masters E11: READY OR NOT: Securing the AI Enterprise 3/5 - AI Workforce SecurityThu 30 Jul 2026 @ 10:00 AM (PDT)
AI Security Masters E12: READY OR NOT: Securing the AI Enterprise 4/5 - AI GatewayThu 20 Aug 2026 @ 10:00 AM (PDT)
AI Security Masters E13: READY OR NOT: Securing the AI Ent 5/5 - AI Research & Threat LandscapeAbout CheckMates
Learn Check Point
Advanced Learning
YOU DESERVE THE BEST SECURITY