Create a Post
cancel
Showing results for 
Search instead for 
Did you mean: 
Thomas_Eichelbu
Collaborator

Client VPN issues after installing Jumbo, regardless of R80.20 or R80.30

Hello Check Mates, 

on several occasions we have encountered a failure of the whole Client VPN functionality after we have installed "a HFA".
We see this happen on R80.20  after installtion of 184 for example.
Also on R80.30 when upgrading from Take 140 to Take 219.
So iam not sure if it is directly related to a specific constellation from where the upgrade starts or what blades are enabled.


The errors are not always the same, sometimes the VPN client just cannot connect, or the connect is successful but all traffic hits the cleanup rule ...

there are such SK´s like
"After upgrading R80.20 Security Gateways to Jumbo take 103 or above, Remote Access users can no longer connect with Endpoint Security VPN" sk164240

My question is very general, can you confirm the same, that some certain HFA just disable the RAS VPN?

What are your stories about this? Have you seen this before?

best regards
Thomas.

0 Kudos
6 Replies
G_W_Albrecht
Legend
Legend

I have seen RA VPN client issues a lot before - mostly they are caused by miss configuration. There also have been some bugs introduced by Jumbo HFAs, like the one from sk164240 you mentioned, or from sk169877 or sk169152, but it is clearly not true that RA VPN was disabled 😎!

0 Kudos
Thomas_Eichelbu
Collaborator

Hello, 

well yes "disabled" is the wrong word, but we encounter alot of issues with RA VPN ...
iam not sure if "misconfiguration" is the only case ... 
it works before HFA installation, after it, RA VPN fails ...

i just want to collect some feedback from other Check Point users ... i doubt to believe we are the only one running into this issues?

 

0 Kudos
Martin_Peinsipp
Contributor

 Hi!

As Thomas mentioned, "disabled" was the wrong wording.

The clients are able to establish the vpn-client-connection, but the overall traffic (which is routed through the vpn-tunnel) was dropped by the clean-up-rule. The overall remote-access worked fine right before the installation of the jumbo-take. Because of this, a misconfiguration can be excluded!

All your provided SKs are not relevant for this issue.

 

BR
Martin

 

0 Kudos
G_W_Albrecht
Legend
Legend

I did not think that any of the cited SKs above were relevant for your issue (that i do know nearly no details about) - i was just answering the general question posted. If the cleanup rule kills a packet that should come thru, either the rule that should match it is misconfigured or we see a new bug here. As the rue base did work before it would be for TAC to find out why it stopped to work!

0 Kudos
PhoneBoy
Admin
Admin

Perhaps certain JHF have bugs related to Remote Access VPN.
We’d probably need to gather some specific details through the TAC.

0 Kudos
Thomas_Eichelbu
Collaborator

Hello, 

maybe we can try to reproduce it and generate some logs.
Since we are all gifted with the COVID-19 crap, customers heavily depend on Client VPN, messing around with it is not really welcomed ... 
But perhaps we are lucky to get some data!

best regads
Thomas.

0 Kudos