Remote Access Solutions

The place to discuss all of Check Point's Remote Access VPN solutions, including Mobile Access Software Blade, Endpoint Remote Access VPN, SNX, Capsule Connect, and more!

Soeren_Rothe
Soeren_Rothe inside Remote Access Solutions 5 hours ago
views 187 2 5

C2S - Libreswan 3.23 (Roadwarrior) and R80.30 - working

******************************
WORKING RELEASES:
Mint 19.2
Fedora 31
Ubuntu 19.10
******************************

Before you begin, please make sure you have a working Remote Access environment using one of the Check Point Endpoint Clients (Windows / MacOS). This is a guide to connect a Linux VPN Client based on Libreswan to your Check Point environment, using certificates from the InternalCA.

Beginning with libreswan all certificates are stored in the NSS database, therefore we need all certificates (User and CP GW) in P12.

Linux Mint 19.2

ISO Image: linuxmint-19.2-cinnamon-64bit.iso
libreswan: 3.23 (netkey)

1) After Mint 19.2 Linux was installed, please install the latest libreswan binary using

    # sudo apt-get install libreswan

2) Initialize the NSS Database

    # sudo ipsec initnss

3) Check Database by running

    # sudo certutil -L -d sql:/var/lib/ipsec/nss

Gateway / SmartCenter

R80.30 Jumbo Take 76 - Standalone
Firewall VPN Object: home-fw
VPN Certificate: defaultCert
Encryption Domain: 192.168.0.0/24

1) Export the Firewall p12 VPN Certificate (home-fw) from the SmartCenter. To check the Certificate name, open the FW object in SmartDashboard - IPSec VPN - Certificate Nickname (usually defaultCert)

    Usage: export_p12 -obj <network object> -cert <certobj> -file <filename> -passwd <password>

    fw# export_p12 -obj home-fw -cert defaultCert -f home-fw.p12 -passwd 123456

A file named "home-fw.p12" will be generated. Copy this over to the Linux VM.

2) In the User object create a p12 certificate and copy the file over to the Linux VM. For example: soeren.p12

Make sure that this user is part of the Remote Access community; you can check if the connection works with a Check Point VPN Client using Username / PW, for example.

Linux Mint 19.2

Now it is time to import the certificates and to do the libreswan config.

1) Both p12 certificates home-fw.p12 and soeren.p12 are imported using the command "ipsec import"

    # sudo ipsec import home-fw.p12
    # sudo ipsec import soeren.p12

The following command should display all certificates, also the Certificate Nicknames. The Nickname is important for the libreswan configuration later on.

    # sudo certutil -L -d sql:/var/lib/ipsec/nss
    # sudo certutil -L -d sql:/etc/ipsec.d   // Fedora

soeren.p12 uses the Certificate Nickname "soeren" and home-fw.p12 uses the Certificate Nickname "defaultCert".

2) In /etc/ipsec.conf only enable the logging.

    logfile=/var/log/pluto.log

3) Create a new file called "ra.conf" and "ra.secrets" in /etc/ipsec.d/

    # sudo touch /etc/ipsec.d/ra.conf
    # sudo touch /etc/ipsec.d/ra.secrets

4) Edit the ra.conf file

    # sudo vi /etc/ipsec.d/ra.conf

5) /etc/ipsec.d/ra.conf

    conn home
        # Right side is libreswan - RoadWarrior
        right=%defaultroute          # or IP address of the Client
        rightcert=soeren             # Certificate Nickname of the users
        rightid=%fromcert            # Certificate ID
        # Left side is Check Point
        left=xxx.xxx.xxx.xxx         # put here your Gateway IP Address
        leftsubnet=192.168.0.0/24    # put here your company's network range or 0.0.0.0/0 for any
        leftcert=defaultCert         # Certificate Nickname of the CP GW
        leftid=%fromcert             # Certificate ID
        # config
        type=tunnel
        keyingtries=3
        disablearrivalcheck=no
        authby=rsasig
        #ike=aes256-sha1;modp1536    # can be enabled, to force AES256, SHA1; DH5 in IKE Phase 1
        #phase2alg=aes128-sha1       # can be enabled to force AES128, SHA1 in IKE Phase 2
        ikelifetime=8h               # IKE Lifetime 8h for IKE Phase P1
        salifetime=1h                # SA Lifetime 1h for IKE Phase P2
        pfs=no                       # No PFS in IKE Phase 2
        mtu=1400                     # lower MTU size, if not, several Web Sites won't be accessible
        ikev2=no                     # IKEv2 is not supported by Check Point in RemoteAccess
        keyexchange=ike
        auto=route

6) Start ipsec with systemctl

    # systemctl enable ipsec
    # systemctl start ipsec
    # systemctl status ipsec     (to check if ipsec was started successfully)

7) Initiate Connection to CP GW

    # sudo ipsec auto --add home
    # sudo ipsec auto --up home

Connection from Client was successfully initialized.

8) Logs from Check Point GUI

I still need to test DPD (Dead Peer Detection). If the VPN is removed from the CP side, the connection won't be re-established from libreswan.
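The guide above depends on the leftcert/rightcert values matching the nicknames that certutil -L reports, and it pins the proposal with pfs=no and optional SHA1/DH5 lines. The following check is an added example, not part of the original post or of libreswan: it parses a conn section and a certutil listing, reports nicknames missing from the NSS database and flags those proposal settings for review. The certutil output, the gateway address 192.0.2.10 and the second conn "home-forced" are constructed for the example.

```python
import re

# Constructed sample: "home" follows the post's ra.conf; "home-forced" is a
# hypothetical variant with the optional lines enabled and the gateway
# object name used where the certificate nickname belongs.
RA_CONF = """\
conn home
    right=%defaultroute        # or IP address of the Client
    rightcert=soeren
    left=192.0.2.10
    leftcert=defaultCert
    authby=rsasig
    #ike=aes256-sha1;modp1536
    pfs=no
    mtu=1400                   # lower MTU size
    ikev2=no

conn home-forced
    right=%defaultroute
    rightcert=soeren
    left=192.0.2.10
    leftcert=home-fw
    ike=aes256-sha1;modp1536
    phase2alg=aes128-sha1
    pfs=no
"""

# Constructed sample of `certutil -L -d sql:/var/lib/ipsec/nss` output.
CERTUTIL_L = """\

Certificate Nickname                                         Trust Attributes
                                                             SSL,S/MIME,JAR/XPI

soeren                                                       u,u,u
defaultCert                                                  u,u,u
"""

# Proposal tokens worth a second look when they appear in ike=/phase2alg=/esp=.
REVIEW_TOKENS = {
    "sha1": "SHA-1 used for integrity/PRF",
    "md5": "MD5 used for integrity/PRF",
    "3des": "3DES cipher",
    "modp1024": "1024-bit DH group (DH2)",
    "modp1536": "1536-bit DH group (DH5)",
}


def parse_conns(text):
    """Return {conn_name: {key: value}} from libreswan-style config text."""
    conns, current = {}, None
    for raw in text.splitlines():
        # Drop full-line and trailing comments ("#" at line start or after whitespace).
        line = re.sub(r"(^|\s)#.*$", "", raw).rstrip()
        if not line.strip():
            continue
        if line[0] not in " \t":  # unindented line starts a new section
            m = re.match(r"conn\s+(\S+)\s*$", line)
            current = conns.setdefault(m.group(1), {}) if m else None
        elif current is not None and "=" in line:
            key, value = line.strip().split("=", 1)
            current[key.strip()] = value.strip()
    return conns


def nss_nicknames(certutil_output):
    """Extract nicknames: the text left of the trailing trust field (e.g. u,u,u)."""
    names = set()
    for line in certutil_output.splitlines():
        m = re.match(r"(.+?)\s+[A-Za-z]*,[A-Za-z]*,[A-Za-z]*\s*$", line)
        if m and m.group(1).strip():
            names.add(m.group(1).strip())
    return names


def audit(conf_text, certutil_output):
    """Return a list of (conn, severity, message) findings."""
    known = nss_nicknames(certutil_output)
    findings = []
    for name, opts in parse_conns(conf_text).items():
        for key in ("leftcert", "rightcert"):
            nick = opts.get(key)
            if nick and nick not in known:
                findings.append((name, "error",
                                 f"{key}={nick} is not a nickname in the NSS database"))
        for key in ("ike", "phase2alg", "esp"):
            proposal = opts.get(key, "").lower()
            for token, why in REVIEW_TOKENS.items():
                if token in proposal:
                    findings.append((name, "warn", f"{key}: {why}"))
        # libreswan enables PFS unless the conn turns it off.
        if opts.get("pfs", "yes").lower() == "no":
            findings.append((name, "warn",
                             "pfs=no: Phase 2 keys get no fresh DH exchange"))
    return findings


if __name__ == "__main__":
    for conn, severity, message in audit(RA_CONF, CERTUTIL_L):
        print(f"[{severity}] conn {conn}: {message}")
```
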
abihsot__
abihsot__ inside Remote Access Solutions 5 hours ago
views 27 2

MAB - disable web credentials popup

Hello, is there a way to disable the "web credentials" popup for a particular web application in Mobile Access (R80.20)?
Gaurav_Pandya
Gaurav_Pandya inside Remote Access Solutions 6 hours ago
views 1274 5

File Share Application in Mobile Access SSL VPN

Hi All,

Below are the steps to implement File share application with Mobile Access SSL VPN.

- Create File share Application.
- Configure Target IP in which Sharing file/application is located.
- Give proper path.
- Allow this application in Mobile access rule & you will find this application after connecting to SSL VPN.
Howard_Gyton
Howard_Gyton inside Remote Access Solutions 11 hours ago
views 92 3

R80.30 - Viewing SmartView as a web application via SSL VPN portal (non-native)

Hi,

I can view SmartView via full VPN, and also via Capsule VPN. But on a host where that is not an option, I have tried to enable access as a web application.

It almost works(!), but when I click on the link via the SSL VPN, the page attempts to load, I see a spinner in the middle of the screen and the tab at the top of the Chrome browser shows the SmartView text and colour scheme but the login screen never actually appears.

When I had a look in the logs I can see that when I access via full VPN, my office mode address is the source. Over SSL VPN, it shows the IP of either of the two firewalls as part of the cluster, which makes sense, but these are allowed. I see no blocks.

Has anyone had any luck getting this to work?

Howard
abihsot__
abihsot__ inside Remote Access Solutions yesterday
views 559 7

CVPND process consumes 100% CPU

Hi There,

I have a problem - during policy push cvpnd process is going 100% for 30 seconds during which existing or new connections are not served and users get page not displayed error. I checked debug of cvpnd process and my findings are that 98% of the lines (out of 2 millions) are:

    [12609][23 Apr 17:35:12][ROLES] [ROLES (NAC::IS::TD::Events)] NAC::IS::ROLE_MATCHER_API::RangeList::intersect: no intersection
    [12609][23 Apr 17:35:12][ROLES] [ROLES (NAC::IS::TD::Events)] NAC::IS::ROLE_MATCHER_API::RangeList::intersect: intersecting: [x.x.x.x.,x.x.x.x] and [x.x..x.x,x.x..x.x.x.]
    [12609][23 Apr 17:35:12][ROLES] [ROLES (NAC::IS::TD::Events)] NAC::IS::ROLE_MATCHER_API::RangeList::intersect: no intersection

What is this ROLE_MATCHER_API doing? It seems it is flooding the process hence it is busy with 100% load.

R80.20 latest JHF
abihsot__
abihsot__ inside Remote Access Solutions yesterday
views 101 3

Cannot open "link translation" in SmartDashboard

Hello,

I am using R80.30 jhf50 for management server and when I go to mobile access > additional settings > link translation I get the following error. I click ok and get another message saying encountered an improper argument and it is in an endless loop showing the same message... I have to kill the smartdashboard process from task manager.

I found this domain object in mobile access > additional settings > DNS names, removed it, but that didn't help...

Any ideas?
Garrett_Anderso
Garrett_Anderso inside Remote Access Solutions yesterday
views 98 3 1

why does MABDA still require Java? SNX replacement

Hello -- I was under the impression that R&D is actively working on a replacement of the legacy JAVA-based SNX. The expectation was a new HTML5-based architecture with JAVA not part of the equation.

Example: customer who would like to completely remove JAVA from any endpoint device.

The following SK has been referenced multiple times on checkmates.

Why is JAVA still an installation requirement on Windows (example: it's needed for endpoint compliance check)?

Apologies for the potentially dense question. thx

sk113410 - Mobile Access Portal and Java Compatibility - New Mobile Access Portal Agent technology
Gabriel_Rosas
Gabriel_Rosas inside Remote Access Solutions Wednesday
views 88 2

SSL Network Extender Issue

Hi team,

I am having a random issue with remote users connected to the RemoteAccess vpn. Remote users can login to the portal and the office mode IP assigns correctly. We do not know why sometimes users cannot access the resource. When connections are being dropped logs show: "Drecipted and user method are not identical (vpn error code 1)". It seems that the gateway is identifying the users' connections as a Site-to-Site communication from one of our peer gateways even when the encryption domains are not the same. This issue has been presenting since we upgraded to R80.20.

So, we have some questions...

Do we need to configure static routes in the customer switch core?

We have a clusterXL HA deployment and different office mode segments are configured in the cluster members. We have detected that the issue is presenting with only one member. Do we need to use the same office mode pool in both cluster members?

Regards.
rkucera
rkucera inside Remote Access Solutions Tuesday
views 2051 6

L2TP over IPSec Linux VPN

Hi,

we are trying to establish a L2TP over IPSec connection with Linux clients. I've already read a few entries about Linux client vpn in the forum, but they didn't really help me.

We tested it with an IOS and Android device where it worked without any problems. On the IOS device you only have to enter the Gateway IP address, the shared key and the username / password (see screen). We get an Office Mode IP address at the connection.

Unfortunately the connection with Linux does not work although we use the same settings (see screen).

We always get the following entries/errors in the connection log. We have tried it with Strongswan as well as with Libreswan.

Has anyone any idea why L2TP over IPSec works so easy with IOS and Android devices and not with a Linux client?

Hopefully someone of you has a solution for this.

BR
René
D_W inside Remote Access Solutions Monday
views 136

iOS 13.x Capsule Connect Certificate

Hi all,

we use Intune Azure to Roll Out Capsule Connect on iOS Devices. The App is configured as Per-App VPN and authentication via user certificate. Certificate rolled out by SCEP. This works so far!

Now we want to change the Roll Out of the Capsule Connect App via the Apple Volume Purchase Program but when we do this the Capsule App cannot see the certificate.

Tested on iOS 13.2 and 13.1.2. Checkpoint Capsule Connect Version: 1.600.48

Is someone having the same issue or any idea to solve it?

Cheers,
David

Endpoint Vpn Location awareness

Hi,

We have stumbled upon a small issue and we would like your opinion on a possible solution.

So we have a client behind a site 2 site tunnel. The client has Location awareness active and is always building the VPN directly to its VPN gateway; as the connection goes over the external link, it is always detected as Outside.

How do we make the Client understand that he is actually internal and should use the Site 2 site tunnel and does not need to build up the client VPN?

The option Domain controller and Network Group is not acceptable: the first does not work as intended and the second could lead to other issues. Are there any quick solutions for this?
Ted_Serreyn inside Remote Access Solutions a week ago
views 436 12

Mobile access portal with Office 365

Does anyone have R80.20 or later working with Office 365? In particular I am interested in the following:

Capsule Mobile access to Office 365 on iOS.
Mobile access link to OWA in SSL portal.
Native mail access in SSL portal.

Currently I have apps configured, but they are not working and no error logs are currently being generated.
Keld_Norman inside Remote Access Solutions a week ago
views 2699 8 5

How to get better grades @ SSL Labs Certificate scan

Can anyone here guide me on how to get a better score when I scan my firewall with the SSL Server Test (Powered by Qualys SSL Labs)?
Is there a quick guide on how to enable forward secrecy, disable TLS v1.0, 1.1 and weak ciphers etc.?

Best regards
Keld Norman

Thanks for the answers so far - I have collected them all, tested them and gotten better scores - here is what I did:

########################################################################
HOW TO GET BETTER GRADES IN THE SSLLABS.COM SSL TEST
########################################################################

To get from the B to A I did the following:

Alter the portal to only support TLS 1.2

In my 80.10 SmartConsole:
Global Properties -> AdvancedConfiguration -> Portal Properties: Altered minimum version to TLS 1.2

NB: Thanks to Claus Kjær for reminding me of this GUI way of doing things - I was trying to achieve this by altering conf files with vim in expert shell.

Now to enable perfect forward support:

REF: Specific HTTPS sites that use ECDHE ciphers are not accessible when HTTPS Inspection is enabled (sk110883)

A note about the above sk110883:
ECDHE is quite widely used and recommended. It works with elliptical keys and provides forward secrecy. It's used for the key exchange.
ECDSA is not widely used though, but it does also use elliptical keys. It is used for authentication.

I logged on to the firewall via secure shell (I have a standalone installation with the manager and firewall running in a VM) and in expert mode pasted the following 3 lines in:

[Expert@firewall:0]# ckp_regedit -a SOFTWARE//CheckPoint//FW1 CPTLS_ACCEPT_ECDHE 1
ckp_regedit -a SOFTWARE//CheckPoint//FW1 CPTLS_PROPOSE_ECDHE 1
ckp_regedit -a SOFTWARE//CheckPoint//FW1 CPTLS_EC_P384 1

Then a reboot or just a cpstop/start is needed:

# sh -c keeps both commands under nohup, so cpstart still runs if the SSH session drops
[Expert@firewall:0]# nohup sh -c 'cpstop; cpstart' &

Now the grade went from B to A.

Now to look at the suggested link from Dameon Welch Abernathy:

Remove the weak ciphers related to TLS 1.2
(ref: https://supportcenter.checkpoint.com/supportcenter/portal?eventSubmit_doGoviewsolutiondetails=&solutionid=sk120774)

So basically I just need to alter this in the file: /web/templates/httpd-ssl.conf.templ

ALTER:
SSLCipherSuite HIGH:!RC4:!LOW:!EXP:!aNULL:!SSLv2:!MD5
TO:
SSLCipherSuite ECDH:!aNULL:!ECDSA:!aECDH:!eNULL:!MD5:!SHA1

Again secure shell to the system - and in expert mode paste the lines in purple below:

# Backup the file you want to alter first
[Expert@firewall:0]# cp /web/templates/httpd-ssl.conf.templ /web/templates/httpd-ssl.conf.templ.backup
# Oneliner to replace the old line with the new using the SED util.
sed -i 's/SSLCipherSuite HIGH:!RC4:!LOW:!EXP:!aNULL:!SSLv2:!MD5/SSLCipherSuite ECDH:!aNULL:!ECDSA:!aECDH:!eNULL:!MD5:!SHA1/' /web/templates/httpd-ssl.conf.templ
# Test if the line was altered:
grep -i ^SSLCipherSuite /web/templates/httpd-ssl.conf.templ
(it should return: SSLCipherSuite ECDH:!aNULL:!ECDSA:!aECDH:!eNULL:!MD5:!SHA1)

Then reboot the firewall..

[Expert@firewall:0]# reboot

The Qualys SSL scan still only shows an A - I still have some weak ciphers 😕

To be continued..
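The template edit from the post above, as an added example that is not part of the original post. It matches on the directive name rather than the old value, so it cannot silently do nothing when the existing line differs, and it fails unless the file ends up with exactly the requested suite. The function names and the sample file are constructed for illustration.

```shell
#!/bin/sh
# Added example: verified edit of the active SSLCipherSuite line in a template.
# Function names and the sample file below are constructed, not Check Point's.

# Print the value of every active (uncommented) SSLCipherSuite directive.
active_cipher_suite() {
    sed -n 's/^[[:space:]]*SSLCipherSuite[[:space:]][[:space:]]*//p' "$1"
}

# set_cipher_suite FILE SUITE
# Returns 0 on success, 2 on I/O problems, 3 if FILE does not hold exactly
# one active directive, 4 if the result does not match SUITE.
set_cipher_suite() {
    file=$1
    suite=$2
    [ -f "$file" ] || { echo "no such file: $file" >&2; return 2; }
    n=$(grep -c '^[[:space:]]*SSLCipherSuite[[:space:]]' "$file" || true)
    if [ "$n" -ne 1 ]; then
        echo "expected 1 active SSLCipherSuite line in $file, found $n" >&2
        return 3
    fi
    # Keep only the first backup so a re-run never overwrites the original.
    [ -f "$file.backup" ] || cp -p "$file" "$file.backup" || return 2
    tmp=$(mktemp) || return 2
    # Replace by directive name, whatever the current value is.
    awk -v s="$suite" '
        /^[ \t]*SSLCipherSuite[ \t]/ { print "SSLCipherSuite " s; next }
        { print }' "$file" > "$tmp" || { rm -f "$tmp"; return 2; }
    cat "$tmp" > "$file"    # rewrite in place, keeping owner and mode
    rm -f "$tmp"
    [ "$(active_cipher_suite "$file")" = "$suite" ] || return 4
}

# Demo on a constructed template (not the real /web/templates file).
demo_dir=$(mktemp -d)
cat > "$demo_dir/httpd-ssl.conf.templ" <<'EOF'
# constructed sample
#SSLCipherSuite ALL
SSLCipherSuite HIGH:!RC4:!LOW:!EXP:!aNULL:!SSLv2:!MD5
EOF
set_cipher_suite "$demo_dir/httpd-ssl.conf.templ" \
    'ECDH:!aNULL:!ECDSA:!aECDH:!eNULL:!MD5:!SHA1' &&
    active_cipher_suite "$demo_dir/httpd-ssl.conf.templ"
rm -rf "$demo_dir"
```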
jessica_stanson inside Remote Access Solutions a week ago
views 2384 5

Pre-Share Keys CMD CLISH

Hi,

does anyone know the CMD to see the VPN Pre-Share Keys in Checkpoint? In Fortinet the PSK is saved in the config file like:

set remote-gw 77.56.199.43
set psksecret ENC Sqjxee+N3ZaTG2lL..........wa27N+XALaSxVQ==
tone inside Remote Access Solutions 2 weeks ago
views 232 1

Upgrading Check Point VPN Client MSI

Hi,

Hope someone can confirm if Check Point Client MSI can be upgraded without uninstalling the previous version?

I have been advised that the VPN E80.87 has to be uninstalled and the PC rebooted before VPN E81.30 can be installed.

However, looking at the upgrade table in the MSI there shouldn't be any reason why the previous version needs removing first, and so far testing on Windows 10 1803 would suggest this is correct.

Is anyone else just installing VPN E81.30 or later on top of VPN E80.87 and just letting the MSI deal with the upgrade?

Thanks,
Tone