This website uses Cookies. Click Accept to agree to our website's cookie use as described in our Privacy Policy. Click Preferences to customize your cookie settings.
Accept
Reject
Preferences
ABOUT CHECKMATES CYBER SECURITY COMMUNITY & FAQ
Create a Post
Help
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

Are you a member of CheckMates?

×
Sign in with your Check Point UserCenter/PartnerMap account to access more great content and get a chance to win some Apple AirPods! If you don't have an account, create one now for free!
sobife
Explorer
‎2025-01-10 07:44 AM

Computer loses Network Connection after Check Point Mobile VPN connects successfully

Hello everyone,

I’m experiencing an issue with the Checkpoint Mobile Client on two different devices (a virtual machine and a notebook), where there is no data flow over the VPN tunnel after the connection is successfully established. The connection is initiated but breaks shortly after because no data can be sent or received through the tunnel. Here are the details:

  • Device 1 (Virtual Machine):
    Windows 11 24H2 is running in VirtualBox (Host: Windows 10). In NAT mode, the VPN tunnel works perfectly. However, when I switch the network adapter to Bridged mode so that the VM gets its own IP address from the Fritzbox router, the problem occurs. The tunnel is established, but no data flows through it, and shortly after, the connection drops with an error message stating that the gateway is not responding.

  • Device 2 (Notebook):
    The same issue occurs here, regardless if WIFI or Ethernet (direct connection to the Fritzbox). After the connection is established, the VPN client sends keep-alive packets, but no response is received. Shortly after, the connection also drops.

Error Messages from the Checkpoint Mobile Client Log:

  • No reply from the gw ip=11.11.11.11 for tunnel test packet. Office Mode IP=22.22.22.22
  • IKE tunnel disconnected, error code=-1000. Reason: Site is not responding.

Steps I’ve Already Tried:

  1. Routing: Checked routes on both the VM and the notebook. No obvious issues. The default route correctly goes through the VPN.
  2. Firewall: Checked the Fritzbox firewall. IPsec passthrough is enabled. No blocked ports or protocols were found.
  3. MTU: Reduced the MTU value on both devices (down to 1300). No improvement.
  4. Alternative Networks: Tested the connection via a mobile hotspot – the VPN tunnel works perfectly in this case.
  5. DNS Settings: Tried different DNS servers (VPN-assigned and Google DNS). No improvement.

My Suspicion:

I suspect that the issue is either related to the Fritzbox configuration (routing or NAT) or the handling of the Office Mode IP by the Checkpoint Mobile Client.

Questions:

  1. Are there any known issues with the Checkpoint Mobile Client in combination with Fritzbox routers (e.g., Bridged mode or NAT)?
  2. What additional steps can I take to further diagnose or resolve the problem?

Thank you in advance for your support!

Note: I’m not very good at English, so I used ChatGPT to help me write this text.

12 Replies
thiagonavarro
Explorer
‎2025-01-14 12:37 PM

I have the same problem, generating the same error, same version of Windows 11. Help US!

 

0 Kudos
_Val_
Admin
Admin
‎2025-01-15 12:20 AM

Please look into https://support.checkpoint.com/results/sk/sk182749 for resolution

0 Kudos
thiagonavarro
Explorer
‎2025-01-16 04:54 AM
In response to _Val_

 

Good Morning,

 

The solution presented is restricted.

brave_99ULQHqznY.png

0 Kudos
PhoneBoy
Admin
Admin
‎2025-01-16 09:52 AM
In response to thiagonavarro

The content of this SK is largely discussed here: https://community.checkpoint.com/t5/Remote-Access-VPN/Windows-11-24H2-Remote-Access-VPN/m-p/229233#M... 
Unless you can convince your admin to make the gateway-level changes, you'll most likely need to edit trac.defaults locally.

0 Kudos
sobife
Explorer
‎2025-01-16 10:05 AM
In response to PhoneBoy

May someone that has the permission to read this document, post the solution here? i dont get why it is restricted. 

0 Kudos
PhoneBoy
Admin
Admin
‎2025-01-16 12:07 PM
In response to sobife

Unfortunately, some SKs require you to have a Support Agreement to access.
We cannot directly copy/paste SKs to the community. 
However, the thread I linked to has all the information in that SK.
Specifically, you change the following line in trac.defaults on the client:

route_conflict_resolution_method STRING "delete_create" GLOBAL 1

to

route_conflict_resolution_method STRING "modify" GLOBAL 1

Whether that will work in your case or not is a separate question.

0 Kudos
(1)
sobife
Explorer
‎2025-01-16 12:37 PM
In response to PhoneBoy

Thank you for that. Unfortunately that is a solution for this problem that a colleague of mine found somewhere else. we already tried it and it didnt work in this case. is there a hint if this is a problem of windows or checkpoint?

0 Kudos
PhoneBoy
Admin
Admin
‎2025-01-16 01:30 PM
In response to sobife

There should be an option on the client to "Collect Logs."
Perhaps some clue will be present in those logs.
Otherwise, all I can suggest is engaging the TAC. 

0 Kudos
leszczynski
Explorer
‎2025-02-21 12:34 AM
In response to PhoneBoy

Hi, I made changes in file trac.defaults and I still have this problem

0 Kudos
clausm
Explorer
‎2025-01-27 05:11 AM

I had the same problem, and the issue is the windows update 24H2, is very buggy. So I went back to the previous version 23H2 and it works again. 

0 Kudos
Ungrim_Ironfist
Explorer
‎2025-07-18 08:56 AM

I face the same issue, couple months later. 

What is a stupid workaround that work son my machine is to connect to the VPN, it will kill your connection. 

Go to your network adapter, disable it and enable again. That leaves me with working VPN and internet comes back on. 

BUT when you disconnect from the VPN, it will kill your internet again, forcing you to repeat the procedure. 

 

On a side note, I think it is VERY low, to deny users of a product, the access to potential solutions. This is the only VPN where I have experienced this issue. Forti, Cisco, Windows, Open all run ok.

0 Kudos
PhoneBoy
Admin
Admin
‎2025-07-22 04:36 PM
In response to Ungrim_Ironfist

Unless you explicitly installed Check Point Mobile, SecuRemote, or Capsule VPN, or are using SNX, Check Point-branded VPN client includes a client-side firewall.
This firewall is configured by the site you connect with and remains active even when disconnected from the VPN.
A common configuration is to not allow Internet access unless connected to the VPN, much like you are experiencing.
This is by design.

You can, of course, try to install one of the above VPN clients.
However, your site may not allow them to be used. 

In short, you need to work with the administrators/helpdesk of the site in question to resolve this issue.

0 Kudos

Leaderboard

Epsum factorial non deposit quid pro quo hic escorol.

View All ≫
Upcoming Events

    Sort by:
    CheckMates Events