Homer
Explorer

Endpoint Security - Entra ID Auth - No reply from the gw / Site is not responding

Hello all!

This is my first post here, with an error that's driving me crazy!

Endpoint Security Client: E87.60 Build 986105018
Checkpoint 6200P Cluster: R81.10 take 335

I've been trying to secure our VPN connection with MFA for a year with Endpoint Security Client and Entra ID. However, I cannot switch authentication for all users, because there is an annoying problem with the new identity provider (Microsoft Entra ID).

I already had tickets open regarding that topic, which had been passed on to the escalation engineer. Unfortunately, no solution was provided after gathering a lot of logs over months. The engineer was very rude and kept asking for new logs without providing a solution.

I would like to hear your opinion and at the same time ask whether you know the problem.


Explanation:

- Microsoft Entra ID is used as an identity provider.
  See link: https://learn.microsoft.com/de-de/entra/identity/saas-apps/check-point-remote-access-vpn-tutorial
- Multifactor authentication is required when establishing a connection. -> Everything fine.

But after a few hours the VPN connection no longer works.

Helpdesk.log from Endpoint Security Client (Advanced Logging):

[21 Feb 17:04:03] No reply from the gw ip=X.X.X.X for tunnel test packet. Office Mode IP=A.A.A.A, source port=18009.
[21 Feb 17:04:05] No reply from the gw ip=X.X.X.X for tunnel test packet. Office Mode IP=A.A.A.A, source port=18010.
[21 Feb 17:04:08] IKE tunnel disconnected, error code=-1000. Reason: Site is not responding.
[21 Feb 17:04:08] Client state is connected
[21 Feb 17:04:08] Tunnel (2) disconnected. State is connected. Trying to reconnect.
[21 Feb 17:04:18] IKE connection failed, error code=-1000. Reason: Site is not responding.
[21 Feb 17:04:18] Client state is reconnecting
[21 Feb 17:04:18] Reconnect failed. trying again (2)

......
[21 Feb 17:06:17] Client state is reconnecting
[21 Feb 17:06:17] State reconnecting. Roaming timeout is reached, cancelling connection (2)

Site is not responding --> There is no VPN error with user/password authentication at the same time for hundreds of users.

It looks like there is an error in VPN phase 1 or 2 when using Entra ID.

The problem can be solved for a few hours by reestablishing the VPN connection.

The time during which the connection works without problems can be influenced by changing the DHCP lease time:

- If the DHCP lease time is 60 minutes, the problem occurs several times a day (4-5 times in 8 hours with VPN connection).
- If the DHCP lease time is 960 minutes, the error only occurs once every 2-3 days.

Automatic DHCP lease: the DHCP lease time is configured to the same value on our DHCP server. -> Same error

Manual (using IP pool): using the Check Point gateway as DHCP server --> Same error with manual IP pool.


Global Properties -> Remote Access -> Endpoint Connect

"Re-authenticate user every" is set to 720 minutes according to the Check Point recommendation.


Question:

Does anyone have the same problem or any advice?
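As an added troubleshooting aid (not part of the original post and not a Check Point tool), the following Python script parses helpdesk.log lines in the format quoted above, groups the "Site is not responding" lines into disconnect episodes, and reports how closely the intervals between episodes track a candidate timer such as the DHCP lease time or the "Re-authenticate user every" interval. Only the first ten log lines are the ones quoted in the post; the later episodes are constructed to show a 60-minute recurrence, the year is assumed because the log omits it, and the 10-minute quiet window that separates episodes is an arbitrary choice.

```python
import re
from datetime import datetime
from typing import List, Tuple

# Constructed sample: the first ten lines are quoted from the post, the rest
# are made up to show two further disconnect episodes roughly 60 minutes apart.
SAMPLE_LOG = """\
[21 Feb 17:04:03] No reply from the gw ip=X.X.X.X for tunnel test packet. Office Mode IP=A.A.A.A, source port=18009.
[21 Feb 17:04:05] No reply from the gw ip=X.X.X.X for tunnel test packet. Office Mode IP=A.A.A.A, source port=18010.
[21 Feb 17:04:08] IKE tunnel disconnected, error code=-1000. Reason: Site is not responding.
[21 Feb 17:04:08] Client state is connected
[21 Feb 17:04:08] Tunnel (2) disconnected. State is connected. Trying to reconnect.
[21 Feb 17:04:18] IKE connection failed, error code=-1000. Reason: Site is not responding.
[21 Feb 17:04:18] Client state is reconnecting
[21 Feb 17:04:18] Reconnect failed. trying again (2)
[21 Feb 17:06:17] Client state is reconnecting
[21 Feb 17:06:17] State reconnecting. Roaming timeout is reached, cancelling connection (2)
[21 Feb 17:07:00] Client state is connected
[21 Feb 18:04:10] No reply from the gw ip=X.X.X.X for tunnel test packet. Office Mode IP=A.A.A.A, source port=18011.
[21 Feb 18:04:15] IKE tunnel disconnected, error code=-1000. Reason: Site is not responding.
[21 Feb 18:04:25] IKE connection failed, error code=-1000. Reason: Site is not responding.
[21 Feb 18:06:20] State reconnecting. Roaming timeout is reached, cancelling connection (2)
[21 Feb 18:07:00] Client state is connected
[21 Feb 19:04:30] IKE tunnel disconnected, error code=-1000. Reason: Site is not responding.
[21 Feb 19:04:40] IKE connection failed, error code=-1000. Reason: Site is not responding.
"""

# "[21 Feb 17:04:03] message" -> timestamp text and message
LINE_RE = re.compile(r"^\[(\d{1,2} \w{3} \d{2}:\d{2}:\d{2})\] (.*)$")
DISCONNECT_MARKER = "Site is not responding"


def parse_helpdesk_log(lines, year: int = 2024) -> List[Tuple[datetime, str]]:
    """Turn helpdesk.log lines into (timestamp, message) pairs.

    The log carries no year, so one is supplied by the caller (assumption).
    Lines that do not start with a timestamp are skipped.
    """
    events = []
    for line in lines:
        m = LINE_RE.match(line.strip())
        if not m:
            continue
        ts = datetime.strptime(f"{year} {m.group(1)}", "%Y %d %b %H:%M:%S")
        events.append((ts, m.group(2)))
    return events


def find_disconnect_episodes(events, quiet_minutes: float = 10.0) -> List[datetime]:
    """Group 'Site is not responding' lines into episodes.

    A new episode starts when the gap since the previous such line exceeds
    quiet_minutes; the repeated reconnect failures inside one outage collapse
    into a single episode whose time is that of its first line.
    """
    episodes, last = [], None
    for ts, msg in events:
        if DISCONNECT_MARKER not in msg:
            continue
        if last is None or (ts - last).total_seconds() > quiet_minutes * 60:
            episodes.append(ts)
        last = ts
    return episodes


def intervals_minutes(episodes) -> List[float]:
    """Minutes between consecutive episode starts."""
    return [(b - a).total_seconds() / 60 for a, b in zip(episodes, episodes[1:])]


def period_match_ratio(intervals, period_minutes: float, tolerance_minutes: float = 5.0) -> float:
    """Fraction of intervals that fall within tolerance of a candidate timer
    (DHCP lease time, re-authentication interval, ...). 0.0 when no intervals."""
    if not intervals:
        return 0.0
    hits = sum(1 for iv in intervals if abs(iv - period_minutes) <= tolerance_minutes)
    return hits / len(intervals)


if __name__ == "__main__":
    ev = parse_helpdesk_log(SAMPLE_LOG.splitlines())
    eps = find_disconnect_episodes(ev)
    iv = intervals_minutes(eps)
    print("disconnect episodes:", [e.strftime("%d %b %H:%M:%S") for e in eps])
    print("intervals (min):", [round(x, 1) for x in iv])
    for name, period in (("DHCP lease 60 min", 60), ("DHCP lease 960 min", 960), ("re-auth 720 min", 720)):
        print(f"{name}: {period_match_ratio(iv, period):.0%} of intervals match")
```

Run it against a real helpdesk.log (one collected over a full day with a short lease, as described above) by replacing SAMPLE_LOG with the file's lines; a match ratio near 100% for the lease time and near 0% for the 720-minute re-authentication timer is the kind of evidence that separates the two candidate causes. The check compares each interval with the timer itself, not with multiples of it, so shorten the tolerance or add a modulo check if episodes are expected to skip some lease renewals.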
