- Products
- Learn
- Local User Groups
- Partners
- More
Access Control and Threat Prevention Best Practices
5 November @ 5pm CET / 11am ET
Ask Check Point Threat Intelligence Anything!
October 28th, 9am ET / 3pm CET
Check Point Named Leader
2025 Gartner® Magic Quadrant™ for Hybrid Mesh Firewall
HTTPS Inspection
Help us to understand your needs better
CheckMates Go:
Spark Management Portal and More!
Hello,
I tried to install Remote Access VPN, latest available version (E88.40) on laptop running Windows 11 Enterprise 24H2, build 26100.
Build 26100 is an upcoming 24H2 release that is already available for couple of months in Insider programme, and is released for general availability for ARM computers, with imminent release to Pro and Enterprise SKUs.
So, after installing 24H2 on company laptop and setting up Remote Access VPN, said VPN connects to VPN gateway server for couple of seconds and then it disconnects. Laptop's network adapter stops working too unless I reset it via Settings app.
I know there is no official support for 24H2 yet from Checkpoint, but usually there was installation block that prevented installing Remote Access VPN on unsupported build versions. This time this didn't happen so I wanted to know is CheckPoint aware of this issue, and if needed, I can provide additional logs to help narrow down the root cause test fix, if possible.
Thank you, and kind regards,
Mario
EDIT: I couldn't find Remote Access VPN subforum, didn't notice it's under Quantum now, so if you could be kind enough to move it there I'd appreciate it!
Thats right. Here is the official sk about it. We actually have a case with TAC T3 about it.
Andy
https://support.checkpoint.com/results/sk/sk182749
Per sk117536 (Client OS support) we aim to offer early availability clients within 3 weeks of OS GA and to announce GA within 2 months of OS GA, however generally this occurs sooner. See also sk115192 for OS support timeline.
Please otherwise engage with TAC and your SE on this issue if it is a non-ARM environment.
Note ARM support is currently limited to select client types only per sk170777.
Hi Chris,
thanks for your update, I see this didn't get fixed even with latest Remote Access VPN version so I'll wait for official fix to get out.
Kind regards,
Mario
E88.41 and above introduced EA support for Win1 11 24H2 to my knowledge, for reference latest version is E88.60
For ARM based systems please consult with your local office.
Thats right. Here is the official sk about it. We actually have a case with TAC T3 about it.
Andy
https://support.checkpoint.com/results/sk/sk182749
Thank you all!
This is x86, not ARM, and I see that the case is already opened and we are hit with it too.
Kind regards,
Mario
Did you try https://support.checkpoint.com/results/sk/sk182749 yet ?
Hi,
yeah, I tried applying this on client and it didn't help sadly.
KR,
Mario
So you tried modifying trac.defaults on the client as indicated on the bottom of the sk and that did not work?
Andy
Yep, edited trac.defaults, confirmed it was saved, restarted Remote Access VPN service, and it still didn't work.
I have reverted back to 23H2, and will wait for network team to apply this workaround server-side so we can evaluate this. Thanks!
Im going to mention this to TAC as well through the case itself...just for the context, what client version?
Andy
I tried doing this on E88.60, E88.50, and E88.41 (clients that ought to be compatible with 24H2).
KR,
Mario
Yup, all mentioned in the sk, from E88.40-E88.70. Ironically enough, we even made change on the gateway first, installed policy and it made situation WORSE. Man, none of this is good, it will affect lots of people...
Andy
Just to update, we had TAC send us updated ttm file for the gw (check the bottom section) and once we pushed the policy, seems that fixed the problem.
You may want to run this once you modify it -> vpn check_ttm $FWDIR/conf/trac_client_1.ttm
If it gives an error, run -> dos2unix trac_client_1.ttm and then vpn command again
Install policy -> test
If cluster, make sure you modify file on both members.
Andy
Below is what you should see if modification is right.
Andy
[Expert@R82:0]# vpn check_ttm /opt/CPsuite-R82/fw1/conf/trac_client_1.ttm
Summary for the file: trac_client_1.ttm
result: the file passed the check without any problems
[Expert@R82:0]#
Please open a case with support or in case it is already open then please share the SR number in private.
Hi
https://support.checkpoint.com/results/sk/sk182749 solved the issue partially for me. Thanks!
Does anyone have any idea if this is solvable in a similar way for clients using SNX in network mode? They are experiencing the same symptoms but the solution did nothing as I'm guessing trac_client_1.ttm does not affect that client type.
/Lau
Thats right, does not affect snx. Maybe check with TAC if there is another modification needed?
Andy
Already have a case with TAC and working through the normal steps. Was hoping someone had already found a solution for a quick fix.
/Lau
Lets see if someone may know.
Andy
Hi
We are experiencing this as well - upgraded 3 windows 11 pcs to 24H2 and now checkpoint vpn no longer works on them. They establish connection but after a few seconds networks connection is disrupted and vpn disconnects.
I have tried both 88.40 and 88.60 versions - same result.
i got a bit lost in this thread, is there a way to fix this on the clients or we waiting for checkpoint to release new version?
thanks in advance
/Kenn
Currently there is not a GA client for this Windows version listed in sk115192.
If the solution in sk182749 does not work for you please contact support.
Hi Lau,
I'm facing a similar issues. Did you manage to resolve your issue?
Thanks
BR
Hi,
Thank your the fast reply.
I did follow the sk instructions and for endpoint clients works perfectly but now I see issue with SNX as well... It should be related but I saw Lau with a similar issue and a TAC ticket so I asked 🙂
Thanks
BR
My apologies, sorry, did not realize thats what you meant. For that, I would double check with TAC.
Andy
Hi Bruno,
Did you open a ticket as well? If so, did you manage to get a solution working? I'm still not getting anywhere with my ticket even after 5 weeks.
Regards,
Lau
Hi Lau,
I also opened a ticket and the reply I got is not conclusive because CHKP support was pointing to a DNS issue but that ain't the problem because with PCs different from v24h2 we do not have any issue.
As soon as I get some resolution I will post it.
Best regards
BR
We have also been down the DNS issue hole with TAC. We have a separate lab gateway that we can test things on at the customer so we installed Check_Point_R81_20_SNX_UPDATE_737_MAIN_Bundle_T5_FULL.tar with no effect on the problem.
If you can use application mode with your specific use cases we have found that to be a worse, but workable solution. Had to redesign the rulebase to accommodate for it though. It does not work for everything so we still need network mode to work.
Still working with TAC on the issue. They are unfortunately still not able to understand the issue and just keep asking me to upgrade/update the actual firewalls. Already running R81.20 JHf Take 89.
Might be helpful if you open another case on the same issue.
Leaderboard
Epsum factorial non deposit quid pro quo hic escorol.
User | Count |
---|---|
5 | |
3 | |
2 | |
2 | |
2 | |
1 | |
1 | |
1 | |
1 | |
1 |
Tue 28 Oct 2025 @ 11:00 AM (EDT)
Under the Hood: CloudGuard Network Security for Google Cloud Network Security Integration - OverviewTue 28 Oct 2025 @ 12:30 PM (EDT)
Check Point & AWS Virtual Immersion Day: Web App ProtectionTue 28 Oct 2025 @ 11:00 AM (EDT)
Under the Hood: CloudGuard Network Security for Google Cloud Network Security Integration - OverviewTue 28 Oct 2025 @ 12:30 PM (EDT)
Check Point & AWS Virtual Immersion Day: Web App ProtectionThu 30 Oct 2025 @ 03:00 PM (CET)
Cloud Security Under Siege: Critical Insights from the 2025 Security Landscape - EMEAThu 30 Oct 2025 @ 02:00 PM (EDT)
Cloud Security Under Siege: Critical Insights from the 2025 Security Landscape - AMERAbout CheckMates
Learn Check Point
Advanced Learning
YOU DESERVE THE BEST SECURITY