Create a Post
cancel
Showing results for 
Search instead for 
Did you mean: 
mbesen
Contributor
Jump to solution

Checkpoint Remote Access VPN - support for Windows 11 24H2 (build 26100)

Hello,

I tried to install Remote Access VPN, latest available version (E88.40) on laptop running Windows 11 Enterprise 24H2, build 26100.

Build 26100 is an upcoming 24H2 release that is already available for couple of months in Insider programme, and is released for general availability for ARM computers, with imminent release to Pro and Enterprise SKUs.

So, after installing 24H2 on company laptop and setting up Remote Access VPN, said VPN connects to VPN gateway server for couple of seconds and then it disconnects. Laptop's network adapter stops working too unless I reset it via Settings app.

I know there is no official support for 24H2 yet from Checkpoint, but usually there was installation block that prevented installing Remote Access VPN on unsupported build versions. This time this didn't happen so I wanted to know is CheckPoint aware of this issue, and if needed, I can provide additional logs to help narrow down the root cause test fix, if possible.

Thank you, and kind regards,

Mario

 

EDIT: I couldn't find Remote Access VPN subforum, didn't notice it's under Quantum now, so if you could be kind enough to move it there I'd appreciate it!

(1)
1 Solution

Accepted Solutions
the_rock
Legend
Legend

Thats right. Here is the official sk about it. We actually have a case with TAC T3 about it.

Andy

https://support.checkpoint.com/results/sk/sk182749

View solution in original post

(1)
34 Replies
Chris_Atkinson
Employee Employee
Employee

Per sk117536 (Client OS support) we aim to offer early availability clients within 3 weeks of OS GA and to announce GA within 2 months of OS GA, however generally this occurs sooner. See also sk115192 for OS support timeline.

Please otherwise engage with TAC and your SE on this issue if it is a non-ARM environment. 
Note ARM support is currently limited to select client types only per sk170777.

 

CCSM R77/R80/ELITE
mbesen
Contributor

Hi Chris,

thanks for your update, I see this didn't get fixed even with latest Remote Access VPN version so I'll wait for official fix to get out.

Kind regards,

Mario

Chris_Atkinson
Employee Employee
Employee

E88.41 and above introduced EA support for Win1 11 24H2 to my knowledge, for reference latest version is E88.60

For ARM based systems please consult with your local office.

CCSM R77/R80/ELITE
the_rock
Legend
Legend

Thats right. Here is the official sk about it. We actually have a case with TAC T3 about it.

Andy

https://support.checkpoint.com/results/sk/sk182749

(1)
mbesen
Contributor

Thank you all!

This is x86, not ARM, and I see that the case is already opened and we are hit with it too.

Kind regards,

Mario

G_W_Albrecht
Legend Legend
Legend

Did you try https://support.checkpoint.com/results/sk/sk182749 yet ?

CCSP - CCSE / CCTE / CTPS / CCME / CCSM Elite / SMB Specialist
0 Kudos
mbesen
Contributor

Hi,

yeah, I tried applying this on client and it didn't help sadly.

 

KR,

Mario

0 Kudos
the_rock
Legend
Legend

So you tried modifying trac.defaults on the client as indicated on the bottom of the sk and that did not work?

Andy

0 Kudos
mbesen
Contributor

Yep, edited trac.defaults, confirmed it was saved, restarted Remote Access VPN service, and it still didn't work.

I have reverted back to 23H2, and will wait for network team to apply this workaround server-side so we can evaluate this. Thanks!

0 Kudos
the_rock
Legend
Legend

Im going to mention this to TAC as well through the case itself...just for the context, what client version?

Andy

0 Kudos
mbesen
Contributor

I tried doing this on E88.60, E88.50, and E88.41 (clients that ought to be compatible with 24H2).

 

KR,
Mario

the_rock
Legend
Legend

Yup, all mentioned in the sk, from E88.40-E88.70. Ironically enough, we even made change on the gateway first, installed policy and it made situation WORSE. Man, none of this is good, it will affect lots of people...

Andy

the_rock
Legend
Legend

Just to update, we had TAC send us updated ttm file for the gw (check the bottom section) and once we pushed the policy, seems that fixed the problem.

You may want to run this once you modify it -> vpn check_ttm $FWDIR/conf/trac_client_1.ttm

If it gives an error, run -> dos2unix trac_client_1.ttm and then vpn command again

Install policy -> test

If cluster, make sure you modify file on both members.

Andy

the_rock
Legend
Legend

@mbesen 

Below is what you should see if modification is right.

Andy

[Expert@R82:0]# vpn check_ttm /opt/CPsuite-R82/fw1/conf/trac_client_1.ttm

Summary for the file: trac_client_1.ttm
result: the file passed the check without any problems

[Expert@R82:0]#

Chris_Atkinson
Employee Employee
Employee

Please open a case with support or in case it is already open then please share the SR number in private.

CCSM R77/R80/ELITE
0 Kudos
Lau
Participant
Participant

Hi

https://support.checkpoint.com/results/sk/sk182749 solved the issue partially for me. Thanks!

Does anyone have any idea if this is solvable in a similar way for clients using SNX in network mode? They are experiencing the same symptoms but the solution did nothing as I'm guessing trac_client_1.ttm does not affect that client type.

/Lau

(1)
the_rock
Legend
Legend

Thats right, does not affect snx. Maybe check with TAC if there is another modification needed?

Andy

0 Kudos
Lau
Participant
Participant

Already have a case with TAC and working through the normal steps. Was hoping someone had already found a solution for a quick fix.

 

/Lau

the_rock
Legend
Legend

Lets see if someone may know.

Andy

0 Kudos
kenn_checkpoint
Explorer

Hi

We are experiencing this as well - upgraded 3 windows 11 pcs to 24H2 and now checkpoint vpn no longer works on them. They establish connection but after a few seconds networks connection is disrupted and vpn disconnects.

 

I have tried both 88.40 and 88.60 versions - same result.

 

i got a bit lost in this thread, is there a way to fix this on the clients or we waiting for checkpoint to release new version?

 

thanks in advance

/Kenn

0 Kudos
Chris_Atkinson
Employee Employee
Employee

Currently there is not a GA client for this Windows version listed in sk115192.

If the solution in sk182749 does not work for you please contact support.

CCSM R77/R80/ELITE
0 Kudos
Bruno_Ramos
Participant

Hi Lau,
I'm facing a similar issues. Did you manage to resolve your issue?

Thanks
BR

0 Kudos
the_rock
Legend
Legend

Did you follow instructions from the sk? I attached how the file needs to be edited, all you have to do is copy it and install policy, thats it, No need to run vpn check_ttm, as I verified it myself.

 

Andy

0 Kudos
Bruno_Ramos
Participant

Hi,
Thank your the fast reply.
I did follow the sk instructions and for endpoint clients works perfectly but now I see issue with SNX as well... It should be related but I saw Lau with a similar issue and a TAC ticket so I asked 🙂

Thanks

BR

0 Kudos
the_rock
Legend
Legend

My apologies, sorry, did not realize thats what you meant. For that, I would double check with TAC.

Andy

Lau
Participant
Participant

Hi Bruno,

Did you open a ticket as well? If so, did you manage to get a solution working? I'm still not getting anywhere with my ticket even after 5 weeks.

Regards,

Lau

0 Kudos
Bruno_Ramos
Participant

Hi Lau,
I also opened a ticket and the reply I got is not conclusive because CHKP support was pointing to a DNS issue but that ain't the problem because with PCs different from v24h2 we do not have any issue.

As soon as I get some resolution I will post it.

Best regards

BR

0 Kudos
Lau
Participant
Participant

We have also been down the DNS issue hole with TAC. We have a separate lab gateway that we can test things on at the customer so we installed Check_Point_R81_20_SNX_UPDATE_737_MAIN_Bundle_T5_FULL.tar with no effect on the problem.

If you can use application mode with your specific use cases we have found that to be a worse, but workable solution. Had to redesign the rulebase to accommodate for it though. It does not work for everything so we still need network mode to work.

Lau
Participant
Participant

Still working with TAC on the issue. They are unfortunately still not able to understand the issue and just keep asking me to upgrade/update the actual firewalls. Already running R81.20 JHf Take 89.

Might be helpful if you open another case on the same issue.

(1)

Leaderboard

Epsum factorial non deposit quid pro quo hic escorol.

Upcoming Events

    CheckMates Events