Hi Chris,

thanks for your update, I see this didn't get fixed even with latest Remote Access VPN version so I'll wait for official fix to get out.

Kind regards,

Mario

E88.41 and above introduced EA support for Win1 11 24H2 to my knowledge, for reference latest version is E88.60

For ARM based systems please consult with your local office.

Thank you all!

This is x86, not ARM, and I see that the case is already opened and we are hit with it too.

Kind regards,

Mario

Did you try https://support.checkpoint.com/results/sk/sk182749 yet ?

Hi,

yeah, I tried applying this on client and it didn't help sadly.

KR,

Mario

So you tried modifying trac.defaults on the client as indicated on the bottom of the sk and that did not work?

Andy

Yep, edited trac.defaults, confirmed it was saved, restarted Remote Access VPN service, and it still didn't work.

I have reverted back to 23H2, and will wait for network team to apply this workaround server-side so we can evaluate this. Thanks!

Im going to mention this to TAC as well through the case itself...just for the context, what client version?

Andy

I tried doing this on E88.60, E88.50, and E88.41 (clients that ought to be compatible with 24H2).

KR,
Mario

Yup, all mentioned in the sk, from E88.40-E88.70. Ironically enough, we even made change on the gateway first, installed policy and it made situation WORSE. Man, none of this is good, it will affect lots of people...

Andy

Just to update, we had TAC send us updated ttm file for the gw (check the bottom section) and once we pushed the policy, seems that fixed the problem.

You may want to run this once you modify it -> vpn check_ttm $FWDIR/conf/trac_client_1.ttm

If it gives an error, run -> dos2unix trac_client_1.ttm and then vpn command again

Install policy -> test

If cluster, make sure you modify file on both members.

Andy

@mbesen 

Below is what you should see if modification is right.

Andy

[Expert@R82:0]# vpn check_ttm /opt/CPsuite-R82/fw1/conf/trac_client_1.ttm

Summary for the file: trac_client_1.ttm
result: the file passed the check without any problems

[Expert@R82:0]#

Please open a case with support or in case it is already open then please share the SR number in private.

Hi

https://support.checkpoint.com/results/sk/sk182749 solved the issue partially for me. Thanks!

Does anyone have any idea if this is solvable in a similar way for clients using SNX in network mode? They are experiencing the same symptoms but the solution did nothing as I'm guessing trac_client_1.ttm does not affect that client type.

/Lau

Thats right, does not affect snx. Maybe check with TAC if there is another modification needed?

Andy

Already have a case with TAC and working through the normal steps. Was hoping someone had already found a solution for a quick fix.

/Lau

Lets see if someone may know.

Andy

Hi

We are experiencing this as well - upgraded 3 windows 11 pcs to 24H2 and now checkpoint vpn no longer works on them. They establish connection but after a few seconds networks connection is disrupted and vpn disconnects.

I have tried both 88.40 and 88.60 versions - same result.

i got a bit lost in this thread, is there a way to fix this on the clients or we waiting for checkpoint to release new version?

thanks in advance

/Kenn

Currently there is not a GA client for this Windows version listed in sk115192.

If the solution in sk182749 does not work for you please contact support.

Hi Lau,
I'm facing a similar issues. Did you manage to resolve your issue?

Thanks
BR

Did you follow instructions from the sk? I attached how the file needs to be edited, all you have to do is copy it and install policy, thats it, No need to run vpn check_ttm, as I verified it myself.

Andy

Hi,
Thank your the fast reply.
I did follow the sk instructions and for endpoint clients works perfectly but now I see issue with SNX as well... It should be related but I saw Lau with a similar issue and a TAC ticket so I asked 🙂

Thanks

BR

My apologies, sorry, did not realize thats what you meant. For that, I would double check with TAC.

Andy

Hi Bruno,

Did you open a ticket as well? If so, did you manage to get a solution working? I'm still not getting anywhere with my ticket even after 5 weeks.

Regards,

Lau

Hi Lau,
I also opened a ticket and the reply I got is not conclusive because CHKP support was pointing to a DNS issue but that ain't the problem because with PCs different from v24h2 we do not have any issue.

As soon as I get some resolution I will post it.

Best regards

BR

We have also been down the DNS issue hole with TAC. We have a separate lab gateway that we can test things on at the customer so we installed Check_Point_R81_20_SNX_UPDATE_737_MAIN_Bundle_T5_FULL.tar with no effect on the problem.

If you can use application mode with your specific use cases we have found that to be a worse, but workable solution. Had to redesign the rulebase to accommodate for it though. It does not work for everything so we still need network mode to work.

Still working with TAC on the issue. They are unfortunately still not able to understand the issue and just keep asking me to upgrade/update the actual firewalls. Already running R81.20 JHf Take 89.

Might be helpful if you open another case on the same issue.