This website uses Cookies. Click Accept to agree to our website's cookie use as described in our Privacy Policy. Click Preferences to customize your cookie settings.
Accept
Reject
Preferences
ABOUT CHECKMATES CYBER SECURITY COMMUNITY & FAQ
Create a Post
Help
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

Are you a member of CheckMates?

×
Sign in with your Check Point UserCenter/PartnerMap account to access more great content and get a chance to win some Apple AirPods! If you don't have an account, create one now for free!
Ruan_Kotze
Advisor
Friday

Switching Capsule client from HTTPS to IPSEC

Hi CheckMates,

Architecturally we have made a decision to move our Capsule clients from connecting via HTTPS to IPSEC to mitigate against potential future vulnerabilities.

What we are seeing is that as soon as we do that change, mobile clients stop communicating.  They manage to log in successfully but nothing further apart from that.

The weird thing is I also see no drops from the clients OM IP, not through Smartconsole and not through a fw ctl zdebug either.  On the clients I also see the encrypted packet count increasing, but not the decrypted.

The only activity I'm seeing is IKE NAT-T on udp 4500.  I've double-checked that I've got no silent drops going on either.

Would really appreciate any ideas on where to start looking.

Thanks,
Ruan

0 Kudos
2 Replies
PhoneBoy
Admin
Admin
Friday

Did you try deleting and re-adding the site after making this change?
Anything from the client logs?

0 Kudos
Ruan_Kotze
Advisor
yesterday
In response to PhoneBoy

Hi Dameon,

Yes we have re-created the site.  We do have a case open with TAC so are providing them with the debugs.

Thanks,
Ruan

0 Kudos

Leaderboard

Epsum factorial non deposit quid pro quo hic escorol.

View All ≫
Upcoming Events

    CheckMates Events