DiegoFretes
Contributor

I cannot connect to the internal network after disconnecting from the VPN endpoint

I cannot connect to the internal network after disconnecting from the VPN endpoint. I have the compliance and policy server blades active.

Apparently disconnecting from the VPN does not remove the VPN gw from your routing table; only by uninstalling the endpoint and rebooting the computer can you reconnect to the internal resources.

Anyone had a similar case or could guide me to the resolution of this case?

route print connected to the vpn:

route print.png

Route print disconnected from the VPN:

imagen (2).png

0 Kudos
10 Replies
Chris_Atkinson
Employee

This would not be considered normal, have you engaged with TAC on this issue?

Please confirm OS and Endpoint client version?

CCSM R77/R80/ELITE
0 Kudos
DiegoFretes
Contributor

I wanted to try to solve it before communicating with the TAC.

This happens on any version of endpoint on any OS (it has happened to me on Windows as well as on Mac).

In the specific case of the shared images, it is Windows 10 and E88.70.

0 Kudos
the_rock
Legend

One sec, just to make sure I get this right. It's totally normal if you are remote once you disconnect that access breaks. Now, if you are at the office, it would make no sense to connect to VPN to begin with...am I missing something?

Andy

0 Kudos
DiegoFretes
Contributor

Here's what happens:
In the evening, I log on from home for work, connect to the VPN, finish my tasks and log off.
The next day, I go back to the office, but I can no longer access any office resources without having to uninstall the vpn agent.

0 Kudos
the_rock
Legend

Ah, got it, makes sense now. I would try E89 client, if no luck, would 100% open TAC case. Just to be positive it's not a PC issue, maybe try same client on another machine, see if issue is there.

Andy

0 Kudos
PhoneBoy
Admin

This is a function of the site you are connecting to, which can do things like restrict your ability to use the Internet when not connected to the VPN.
The administrator can allow access to the local network with something like: https://support.checkpoint.com/results/sk/sk130832 

0 Kudos
the_rock
Legend

Hey @PhoneBoy 

I always wondered about that and forgive me if this may sound like a dumb question, but I always thought if hub mode is off (split tunnel), that option would be always greyed out and when connected to VPN, ONLY local access would work. By local, I meant whatever is allowed behind the CP gateway/cluster.

No?

Andy

0 Kudos
PhoneBoy
Admin

Hub Mode means Route All Traffic when enabled.
That setting can be left settable by the end user (so-called Client Decide) or it can be forced.
Once you connect to a site that requires/forces the Route All Traffic setting, you cannot disable it.

The ability for the remote access client to connect to their local network is only permitted in Hub Mode if the relevant option is set as described.

0 Kudos
the_rock
Legend

Right right, that's true, but I think you confirmed what I suspected...if hub mode is off, then there does not seem to be the need to modify anything with the file.

Andy

0 Kudos
DiegoFretes
Contributor

 

I found in the cpinfo that the endpoint has in the desktop policy a rule called rule 3 that denies the traffic. But I don't see this rule in the desktop policy in the SmartDashboard. Is there any way to remove it by console?

#

)
:rule-3 (
    :src ()
    :dst (
        :compound (
            : ("All Users"
                :type (usrgroup)
                :at (Any
                    :type ()
                    :ipaddr ()
                )
            )
        )
    )
    :svc ()
    :act (Block)
    :trk (None)

#

0 Kudos
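
As an added example (not from the thread and not Check Point tooling), a small Python parser that lists which rules in a cpinfo desktop-policy dump carry a Block action, so they can be compared with what the management console shows. The grammar is an assumption inferred from the excerpt above, and the sample is constructed: rule-2 is invented for contrast, rule-3 is the posted excerpt.

```python
import re

# Grammar assumed from the excerpt: '(' [value] (':key' '(' ... ')')* ')'
TOKEN = re.compile(r'"[^"]*"|[()]|:[^\s()]*|[^\s()":]+')

def parse_rules(text):
    """Return {rule_name: fields} for each ':rule-N (' block in the text."""
    tokens, pos = TOKEN.findall(text), 0

    def node():
        nonlocal pos  # entered just after '('
        value, fields = None, {}
        while pos < len(tokens) and tokens[pos] != ")":
            tok = tokens[pos]
            pos += 1
            if tok.startswith(":") and tokens[pos:pos + 1] == ["("]:
                pos += 1
                fields[tok[1:]] = node()
            elif tok == "(":
                node()  # unnamed group: parse and discard
            elif not tok.startswith(":"):
                value = tok.strip('"')
        pos += 1  # consume ')' (or step past the end if the dump is truncated)
        if fields and value is not None:
            fields["_value"] = value
        return fields or value

    rules = {}
    while pos < len(tokens):
        tok = tokens[pos]
        pos += 1  # stray ')' and other top-level tokens are skipped
        if re.fullmatch(r":rule-\d+", tok) and tokens[pos:pos + 1] == ["("]:
            pos += 1
            rules[tok[1:]] = node()
    return rules

def blocking_rules(text):
    """Names of rules whose :act is Block."""
    rules = parse_rules(text)
    return sorted(n for n, f in rules.items()
                  if isinstance(f, dict) and f.get("act") == "Block")

# Constructed sample: rule-2 is invented; rule-3 is the thread's excerpt,
# including its stray leading ')' and its missing closing ')'.
SAMPLE = """)
:rule-2 ( :src () :dst () :svc () :act (Accept) :trk (None) )
:rule-3 ( :src ()
  :dst ( :compound ( : ("All Users" :type (usrgroup) :at (Any :type () :ipaddr () ) ) ) )
  :svc () :act (Block) :trk (None)
"""
```

`blocking_rules(SAMPLE)` returns `['rule-3']`; any name it reports that is missing from the policy shown in the console is the discrepancy to raise with TAC.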
