cancel
Showing results for 
Search instead for 
Did you mean: 
Create a Post

SSL SNX macos catalina support

Jump to solution

hello all ,

some users upgraded their macbook to the latest macos catalina , and since then they can no longer connect to ssl using their installed network extender.

We have gaia r77.30 take 317 and the mabda sk113410.

Any suggestion will be welcome. I assume Checkpoint will offer a new mabda version in the near future,

thank you 

1 Solution

Accepted Solutions

Re: SSL SNX macos catalina support

Jump to solution

Running R80.10 with take 203 & the latest MABDA hotfix.  Received below temporary unofficial workaround from support.  So far it enabled 3 Catalina Macbooks to function.  Its only been a day so not sure how well it will work and your mileage may vary.

 

(•)After consulting with R&D, we provide

1. Open Safari and navigate to https://localhost:14186/id

2. “The connection is not private” message will appear

3. Click "Show Details", then "visit this webpage"

4. Confirm your action and enter the password

5.Re-open the mobile access portal in a new window and then try to connect to gw again

13 Replies

Re: SSL SNX macos catalina support

Jump to solution

Then let your users return to the supported Mac OS High Sierra - at the moment, no CP RA VPN does support Catalina !

0 Kudos
schoenf
Iron

Re: SSL SNX macos catalina support

Jump to solution

I installed the latest client 80.89 on Catalina with a certificate stored in the Keychain. This works on one of my machines. 

What causes problems:

  • Certificate in the file system
  • On one machine, the process of connection consumes 100% CPU.

On some configurations, it might work

I hope it helps ... downgrade to Mojave is not an option.

-werner

0 Kudos
schoenf
Iron

Re: SSL SNX macos catalina support

Jump to solution

Any suggestion for Open Source VPN clients?

Thanks 

Werner

AlexBr
Ivory

Re: SSL SNX macos catalina support

Jump to solution

Hi, did you manage somehow to fix the 100% cpu issue? Im having the exact problem and i cant manage to fix it. 

0 Kudos

Re: SSL SNX macos catalina support

Jump to solution

Hello,

You may want to look into enabling SSL VPN within Mobile Access, altough you need newer GW version for a proper compatibility (R80.X).

Also you may want to try with other open source vpns clients that are supported on Catalina.

 

https://www.linkedin.com/in/federicomeiners/
0 Kudos
Admin
Admin

Re: SSL SNX macos catalina support

Jump to solution
I doubt we will be providing an updated MABDA for R77.30 as this release went End of Support in September.
I assume we will for supported releases, though.

As far as I can tell, the "32-bit only" limit of SNX is not new.
While this SK references Windows, I assume Mac is no different.
See: https://supportcenter.checkpoint.com/supportcenter/portal?eventSubmit_doGoviewsolutiondetails=&solut...

As for third party clients, anything that supports L2TP can be made to work.
I haven't personally tested this on the Mac, though.
mdjmcnally
Copper

Re: SSL SNX macos catalina support

Jump to solution

R80.10 Jumbo HotFix - Ongoing Take 185 adds 64 bit SNX Extender Support

R80.20 Jumbo HotFix - General Availability Take 33 adds 64 bit SNX Extender Support

These both came out January 2019

I would hope/believe that R80.30 which came out only this year already had the 64 bit SNX support.

 

As others stated then I doubt that there will be a patch for R77.30 to move to 64 bit SNX with it being End of Support.

 

What is your timescale for getting to R80.x or is there a reason that cannot upgrade to R80.x on the Gateway

0 Kudos

Re: SSL SNX macos catalina support

Jump to solution

Running R80.10 with take 203 & the latest MABDA hotfix.  Received below temporary unofficial workaround from support.  So far it enabled 3 Catalina Macbooks to function.  Its only been a day so not sure how well it will work and your mileage may vary.

 

(•)After consulting with R&D, we provide

1. Open Safari and navigate to https://localhost:14186/id

2. “The connection is not private” message will appear

3. Click "Show Details", then "visit this webpage"

4. Confirm your action and enter the password

5.Re-open the mobile access portal in a new window and then try to connect to gw again

Re: SSL SNX macos catalina support

Jump to solution

Hi

Thanks alot for sharing.
All macbooks we tried on here it works on, helps alot 🙂

Admin
Admin

Re: SSL SNX macos catalina support

Jump to solution
Just to clarify, it's available in R80.30.
It's also available in:
R80.20 jumbo take 21
R80.10 Jumbo take 179
R77.30 jumbo take 347

Re: SSL SNX macos catalina support

Jump to solution

So I see that this morning, sk113410 was updated to include support for Catalina, but the hotfix ID is the same as before. I checked my gateways, and there are no MABDA updates available. Is there something new that needs to be installed for Catalina to work properly?

0 Kudos

Re: SSL SNX macos catalina support

Jump to solution

Just tested it and you have to uninstall the "old"  MABDA hotfix and remove it from cpuse then import the new one and install it.

Seems to work fine so far in our tests

 

Just keep in mind to have a backup of the old MABDA files if you want to revert back to that version.

0 Kudos

Re: SSL SNX macos catalina support

Jump to solution

So uninstalling and reinstalling the Hotfix worked in our environment - but the installer in the DMG gives a warning that Apple was unable to scan it for malicious content, so it wasn't allowed to execute. Obviously, if you right click the installer and select Open, it bypasses that check, and allows it to install, but that isn't necessarily intuitive to all end users. Did the same thing happen in your environment? I replicated it on a MacBook Pro and a Mac mini in my possession.

0 Kudos