Showing results for 
Search instead for 
Did you mean: 
Create a Post
Virupaksha_PT inside Remote Access Solutions an hour ago
views 18 2

Change of authorization(CoA) in remote VPN

Hi Folks, Can we do Change of authorization (CoA) in remote access VPN as we want to perform a test case where in the end users connects through Checkpoint VPN but the compliance of the system is checked via Checkpoint Endpoint security egent installed in a Laptop. Please suggest.Checkpoint current version is r77.30  Regards,Viru  
TomShanti inside Remote Access Solutions yesterday
views 217 13

Endpoint VPN: How does client get routing topology fom the VPN GW ?

 I know that the client calculates topology on connect and stores it in local trac.config file but where is this topology information stored on the gateway ? Thanks Tom

Route-based VPN issue with DAIP third party device (Cisco 1921)

Hello,I've configure one of my CP cluster to do route-based VPN instead domain-based.A ticket is open but it seems CP don't really understand the issue. So my configuration is:- Cluster CP (OpenServer) R80.10 Take 214- Cisco 1921 IOS 15.5 (4G modem with IPSec support APN/public IP) My need is a route-based VPN between my Cluster and this router. My issue is: all is working fine if i set the public IP for this third party device, GRE over IPsec is working fine. If i set this object in DAIP, with wan interface configured as Dynamic IP in its topology, IPsec tunnel is up but there is no GRE traffic inside. On the CP log tracker, the "VPN peer Gateway" field have the right name (rt-lte-xxx) and public IP when i set public IP on the object, but in DAIP mode, only is visible, nothing else.I think Checkpoint can't retrieve the object name/dynamic IP address when packet is routing thought VTI interface.Anyone here is able to route-based VPN trafic with Third party object in DAIP mode? Thanks.  
Martijn inside Remote Access Solutions yesterday
views 141 8

Speed up connection process

Hi all,Are there settings or options we can change to speed up the connection process of a VPN client?One of our customer uses RSA SecurID as authentication method and it takes about 20 seconds before the gateway decides to authenticate against this RSA server. We tested this and see the UDP 5500 packet leaving the gateway after about 20 seconds and at the same time we see the user in the RSA log.What takes place in those 20 seconds before authentication? We see the VPN packets entering the gateway right after clicking the Connect button, but then we have to wait for the real authentication.A check for a site update is taking place, but is there also a certificate / CRL check?What else is being checked and how can we speed up those processes?Regards,Martijn. 
SChalhoub inside Remote Access Solutions Tuesday
views 239 8

SSL Network Extender: Not enough licenses for SNX

Although we have licenses applied to gateways we have problems with SNX VPN clients.This issue starts without any changes to our applied licenses.Here is an excerpt from the error message:; reason :: SSL Network Extender: Not enough licenses for SNX; scheme :: SSL; methods ::; reject_category: SSL Network Extender authentication failure;Does anyone has any inside about this issue ?Best Regards,   
Libin_Thomas inside Remote Access Solutions Tuesday
views 8004 7 1

Start VPN tunnel before Windows Logon?

To start the tunnel BEFORE you login with domain-credtials to your windows pc.Then, after the vpn tunnel is established, you can logon directly into your Active Directory domainis it possible with Mobile access or IPsec vpn ?
Kieran1963 inside Remote Access Solutions Monday
views 57 1


We have tried to use DynamicID with  Australian SMS gateways. We have tested on the browser and the API's work, however when we implemented on the DynamicID, we are not getting very far.1) Has anyone succeeded with an Australian SMS Gateway?2) If so what was the string that you implemented? Kieran

RemoteVPN, Radius, DynamicID SMS intergration

Setting up RemoteVPN using Radius/Microsoft AD and DynamicID authentication. Does this combination work? As Radius Works without DynamicID, DynamicID works with Username and Password authentication. Error message when both are used "Failed Login Factor 1st factory - DynamicID"
Joshua42 inside Remote Access Solutions Thursday
views 112 2

Capsule VPN on Android Pie Crashing

I have a Samsung Tab S3 (and also a Tab S6 that just arrived) running stock Android Pie. Capsule VPN used to work just fine until yesterday.There was an Android Pie and Samsung One UI update that I installed on both devices (did not get a chance to test VPN on the new tablet) and now the client crashes when I enter my login and try to connect. At first I thought it was just the S6 and a newer OS, but the S3 didn't work either last evening, and the only change there was the update.I checked the play store for any updates to the client, but was only greeted with a message saying "This app may not be optimized for your device" and the last update is dated 7/17/2019.Has anyone else experienced this? I tried a few other VPN clients in the hopes that they would be compatible, but they appear to not work.

SMB remote access vpn clients connect to site to site vpn remote networks

Hello, Remote access clients want to connect with IPSsec vpn remote encryption domain hosts. Gateway is Checkpoint 1490 SMB appliance.  Remote clients can connect to office lan hosts successfully, IPSec remote encryption domain hosts can connect with office lan hosts successfully, Now we want to connect Remote client  hosts with IPSec remote encryption domain hosts.
casgrain inside Remote Access Solutions Thursday
views 93 1

Administrators VPN access

Hi,On R77.30, would the "administrators" have VPN access just like regular "users"? I configured an administrator (setup as radius authentication, added to VPN authorized group) and it works to login via Radius. However the VPN client gives me "Negotiation with site failed" with no log in Checkpoint nor an attempt to authenticate on the radius.Can't find my answer in any of the documentation 😞Cheers,

Two factor authentication

Hi, I need a little help. I want to apply a second authenticaiton factor to my C2S connections, actually the users connects to de VPN by Endpoint security VPN, they use their credentials from AD, now I want to set up a second factor using a RADIUS server that generates a token. Lets illustrate my scenario: Scenario So the thing I want and hope is, Client communicates with FW, FW asks AD server for identities, then FW asks RADIUS for token and thats it, so what I configured is this:Configure a new multiple options, first username, then RADIUS1st factor configuration2nd factor configurationAND! is not working, after authenticate with AD, it asks for a user, I thought it was the token but wasn't, dont know if this is the correct configuration, can you help me on how to start the troubleshooting? I read that there is some configuration that let me use pass+token, but i cant make it works, or maybe configure.Thanks in advance.
Rolf_Scheurer inside Remote Access Solutions a week ago
views 119 4

Capsule VPN for Android - Google Playstore

Hi CheckMates, We have a project where we need to use Capsule VPN for Android. The client devices are in an isolated (non Internet) WiFi / 4G Network.The devices can access the Google Playstore only after VPN establishment.We observe the behaviour, that Google Playstore does not work and it is not 'contacted' from the devices. Troubleshooting the issue shows, that the device it self can access internet over Capsule VPN. Does somebody have experience using Google Playstore over Android VPN (without direct internet access)?Thanks,Rolf  
Alexander_Schuh inside Remote Access Solutions a week ago
views 156 5

No Mails with Attechmant in OWA over Mobile Access

HI,following problem:A Costumer is using OWA with Outlook2016. Sending Emails (only text ) over a VPN Connection (Mobile Access VPN Portal)  is working without some issues. But if I have a Picture in the Signature or something else then it is not possible to send the E-Mail.After connecting to the OWA from the internal Network it is working without some issues.In the logs I can´t find anything.Have anyone some idea about this issue? BR/ Alexander
Ted_Serreyn inside Remote Access Solutions a week ago
views 220 8

Mobile access portal with Office 365

Does anyone have r80.20 or later working with office 365? In particular I am interested in the following: Capsule Mobile access to office365 on IOS.Mobile access link to OWA in SSL portal.native mail access in SSL portal. Currently I have apps configured, but they are not working and no error logs are currently being generated.