Solved: Problems with SNX Network Extender after installin...

Grigoriy

Hello, Dear Checkmates!

I've got a problem with MAB native application via SNX.

Environment info:

OS/version of the client PC - MS Windows 10/11
Exact version/JHF take level of gateway - Appliance model is CP 12400, R80.40 + Jumbo Hotfix Take 211
CVE-2024-24919 Hotfix installed
Client software: CP Mobile Access Portal Agent 800.007.049, CP SSL Network Extender 7.01.0000

Steps to reproduce:

1. User enters MAB Portal, using Cert and password

2. User connects in order to start Native Application (RDP)

3. Checkpoint client software starts connection but suddenly terminates

The issue has appeared after R80.40 Jumbo Hotfix Take 211 and CVE-2024-24919 Hotfix installation. It worked fine before.

There is another one strange thing - User can connect, when he is in the office. But when he tries to connect from home (using home wifi) - no luck.

Please, give a direction or an advice.

Thank you!

slimsvc.log snippet:

[ 9296 8588]@OTIKHOMOLOVAMOB[6 Jun 15:22:50][ssl_tunnel] ssl_link_ssl_client_connect: Creating a new connection
[ 9296 8588]@OTIKHOMOLOVAMOB[6 Jun 15:22:50][tunnel] set_exclude_proxy_ip: exclude_proxy_ip = 0
[ 9296 8588]@OTIKHOMOLOVAMOB[6 Jun 15:22:50][ssl_tunnel] ssl_link_ssl_client_connect: Connecting to gw: 0xac1e29fe, port: 443:
[ 9296 8588]@OTIKHOMOLOVAMOB[6 Jun 15:22:50][tunnel] set_use_proxy: used_proxy=0 proxy_ip = 0
[ 9296 8588]@OTIKHOMOLOVAMOB[6 Jun 15:22:50][tevent] T_event_do_set: setting brand new socket/type: 1080/0
[ 9296 8588]@OTIKHOMOLOVAMOB[6 Jun 15:22:50][tevent] T_event_do_set: setting brand new socket/type: 1080/2
[ 9296 8588]@OTIKHOMOLOVAMOB[6 Jun 15:22:50][tevent] T_event_do_set: setting brand new socket/type: 1080/1
[ 9296 8588]@OTIKHOMOLOVAMOB[6 Jun 15:22:50][fwasync] fwasync_make_connection: ac1e29fe/443: dowait is -1 sock is 1080
[ 9296 8588]@OTIKHOMOLOVAMOB[6 Jun 15:22:50][tevent] T_event_do_del: marking for deletion socket/type: 1080/1
[ 9296 8588]@OTIKHOMOLOVAMOB[6 Jun 15:22:50][tevent] T_event_do_del: marking for deletion socket/type: 1080/2
[ 9296 8588]@OTIKHOMOLOVAMOB[6 Jun 15:22:50][] SkSetTCP_NODELAY: fd=1080: Invalid Argument
[ 9296 8588]@OTIKHOMOLOVAMOB[6 Jun 15:22:50][ssl_tunnel] ssl_link_ssl_client_connect: SkSetTCP_NODELAY returned -1
[ 9296 8588]@OTIKHOMOLOVAMOB[6 Jun 15:22:50][ssl_tunnel] ssl_link_ssl_client_connect: Connection created successfully
[ 9296 8588]@OTIKHOMOLOVAMOB[6 Jun 15:22:50][messaging] messaging::_receive_callback: command processed start=969, end=984
[ 9296 8588]@OTIKHOMOLOVAMOB[6 Jun 15:22:50][messaging] messaging::_receive_callback: Continuing loop
[ 9296 8588]@OTIKHOMOLOVAMOB[6 Jun 15:22:50][messaging] messaging::_receive_callback: Start parsing stream (2): start=969, end=984, len=984
[ 9296 8588]@OTIKHOMOLOVAMOB[6 Jun 15:22:50][messaging] messaging::_receive_callback: Received Command: rcv_cmd=0
[ 9296 8588]@OTIKHOMOLOVAMOB[6 Jun 15:22:50][messaging] messaging::_receive_callback: Received Length: rcv_len=0
[ 9296 8588]@OTIKHOMOLOVAMOB[6 Jun 15:22:50][messaging] messaging::recognize_command: received UNKNOWN OR UNSUPPORTED COMMAND 0
[ 9296 8588]@OTIKHOMOLOVAMOB[6 Jun 15:22:50][messaging] messaging::msg_invoke: Could not find a command to run for 0
[ 9296 8588]@OTIKHOMOLOVAMOB[6 Jun 15:22:50][messaging] messaging::_receive_callback: command processed start=977, end=984
[ 9296 8588]@OTIKHOMOLOVAMOB[6 Jun 15:22:50][messaging] messaging::_receive_callback: Continuing loop
[ 9296 8588]@OTIKHOMOLOVAMOB[6 Jun 15:22:50][tcpserver] tcpipe_socket_rcv_cb: Entering on socket 0x43c
[ 9296 8588]@OTIKHOMOLOVAMOB[6 Jun 15:22:50][tcpserver] tcpipe_socket_rcv_cb: Read 12 bytes from socket 0x43c
[ 9296 8588]@OTIKHOMOLOVAMOB[6 Jun 15:22:50][tcpserver] tcpipe_socket_rcv_cb: passed the SetLen!
[ 9296 8588]@OTIKHOMOLOVAMOB[6 Jun 15:22:50][messaging] messaging::_receive_callback: Entering -----------------------------------
[ 9296 8588]@OTIKHOMOLOVAMOB[6 Jun 15:22:50][messaging] messaging::_receive_callback: Beginning: start=977, end=984, len=12
[ 9296 8588]@OTIKHOMOLOVAMOB[6 Jun 15:22:50][messaging] messaging::_receive_callback: buf: 174daa4
[ 9296 8588]@OTIKHOMOLOVAMOB[6 Jun 15:22:50][messaging] messaging::_receive_callback: Message fits into buffer: start=977, end=996, len=12
[ 9296 8588]@OTIKHOMOLOVAMOB[6 Jun 15:22:50][messaging] messaging::_receive_callback: Start parsing stream (1): start=977, end=996, len=12
[ 9296 8588]@OTIKHOMOLOVAMOB[6 Jun 15:22:50][messaging] messaging::_receive_callback: Received Command: rcv_cmd=0
[ 9296 8588]@OTIKHOMOLOVAMOB[6 Jun 15:22:50][messaging] messaging::_receive_callback: Received Invalid Length: 385876224
[ 9296 8588]@OTIKHOMOLOVAMOB[6 Jun 15:22:50][messaging] messaging::_receive_callback: cleaning trashed buffer
[ 9296 8588]@OTIKHOMOLOVAMOB[6 Jun 15:22:50][messaging] messaging::_err_invoke: enter. the messaging object is active
[ 9296 8588]@OTIKHOMOLOVAMOB[6 Jun 15:22:50][messaging] messaging::close: [SEVERE] could not close connection. Connection 1084 was not found
[ 9296 8588]@OTIKHOMOLOVAMOB[6 Jun 15:22:50][messaging] messaging::close: Failed to close pipe
[ 9296 8588]@OTIKHOMOLOVAMOB[6 Jun 15:22:50][protocols] dp::OnError: Entered with error #373 (Received message(s) do(es) not fit into buffer)
[ 9296 2508]@OTIKHOMOLOVAMOB[6 Jun 15:23:05][cpservice] service_ctrl_ex: Called with ctrl_code 4
[ 9296 2508]@OTIKHOMOLOVAMOB[6 Jun 15:23:05][cpservice] service_report_status_to_scm: Called with [current_state = 4] [exit_code = 0] [wait_hint = 5000]
[ 9296 2508]@OTIKHOMOLOVAMOB[6 Jun 15:23:05][cpservice] service_report_status_to_scm: Reporting service is running
[ 9296 2508]@OTIKHOMOLOVAMOB[6 Jun 15:23:05][cpservice] service_ctrl_ex: Called with ctrl_code 4
[ 9296 2508]@OTIKHOMOLOVAMOB[6 Jun 15:23:05][cpservice] service_report_status_to_scm: Called with [current_state = 4] [exit_code = 0] [wait_hint = 5000]
[ 9296 2508]@OTIKHOMOLOVAMOB[6 Jun 15:23:05][cpservice] service_report_status_to_scm: Reporting service is running
[ 9296 8588]@OTIKHOMOLOVAMOB[6 Jun 15:23:11][tevent] T_event_do_del: marking for deletion socket/type: 1080/2
[ 9296 8588]@OTIKHOMOLOVAMOB[6 Jun 15:23:11][tevent] T_event_do_del: marking for deletion socket/type: 1080/1
[ 9296 8588]@OTIKHOMOLOVAMOB[6 Jun 15:23:11][] fwasync_connected_failed: 1080 from exception
[ 9296 8588]@OTIKHOMOLOVAMOB[6 Jun 15:23:11][ssl_tunnel] ssl_link_fwasync_client_handler_wrapper: failed to create conn
[ 9296 8588]@OTIKHOMOLOVAMOB[6 Jun 15:23:11][fwasync] fwasync_end_conn: scheduling the end of connection 1080
[ 9296 8588]@OTIKHOMOLOVAMOB[6 Jun 15:23:11][tevent] T_event_do_del: marking for deletion socket/type: 1080/0
[ 9296 8588]@OTIKHOMOLOVAMOB[6 Jun 15:23:11][tevent] T_event_do_del: marking for deletion socket/type: 1080/1
[ 9296 8588]@OTIKHOMOLOVAMOB[6 Jun 15:23:11][tevent] T_event_do_del: marking for deletion socket/type: 1080/0
[ 9296 8588]@OTIKHOMOLOVAMOB[6 Jun 15:23:11][] T_event_do_del: failed to remove WSAsocket event
[ 9296 8588]@OTIKHOMOLOVAMOB[6 Jun 15:23:11][tevent] T_event_do_del: marking for deletion socket/type: 1080/2
[ 9296 8588]@OTIKHOMOLOVAMOB[6 Jun 15:23:11][fwasync] fwasync_do_end_conn: closing connection 1080 (conn=175add8)
[ 9296 8588]@OTIKHOMOLOVAMOB[6 Jun 15:23:11][ssl_tunnel] ssl_link:: ssl_link_fwasync_end_handler: ending connection
[ 9296 8588]@OTIKHOMOLOVAMOB[6 Jun 15:23:11][proxy_authentication] isExist: Not Using proxy.
[ 9296 8588]@OTIKHOMOLOVAMOB[6 Jun 15:23:11][ssl_tunnel] ssl_tunnel::link_failure_cb: got link failure, close tunnel
[ 9296 8588]@OTIKHOMOLOVAMOB[6 Jun 15:23:11][fwasync] fwasync_do_end_conn: end closing connection 175add8 1080
[ 9296 8588]@OTIKHOMOLOVAMOB[6 Jun 15:23:11][ssl_tunnel] tunnel_stop_handler: called!
[ 9296 8588]@OTIKHOMOLOVAMOB[6 Jun 15:23:11][ssl_tunnel] ssl_link:: ~ssl_link: delete link
[ 9296 8588]@OTIKHOMOLOVAMOB[6 Jun 15:23:11][ssl_tunnel] ssl_tunnel::tunnel_stop: error: Cannot establish connection to SSL Network Extender gateway. Try to reconnect.
[ 9296 8588]@OTIKHOMOLOVAMOB[6 Jun 15:23:11][protocols] tunnel_down_cb_my: Disconnecting SSL tunnel...

the_rock

https://sc1.checkpoint.com/documents/Jumbo_HFA/R80.40/R80.40/Important-Notes.htm?tocpath=_____2

https://support.checkpoint.com/results/sk/sk181805

View solution in original post

_Val_

I would suggest opening a TAC case, but it seems R80.40 is out of support for a while... You still can, if you have a support contract. Also, location related behavior is a sign that this is most likely not HF-related

the_rock

I believe I saw someone mention the same issue yesterday after installinbg jumbo 65, so as Val said, probably TAC case might be the best idea.

Andy

MatanYanay

Hi @Grigoriy and @the_rock it may be related to the important note we have in the jumbo ( should be fixed in the next jumbo we plan to release during June for R81.20 and R81.10?)

please remember to review our important note section in each jumbo doc which contains issues we are familiar and working to fix or have already been fix in future takes

Grigoriy

Hello,

The problem is it is a 12400 appliance and the maximum is Gaia R80.40 JHX T211(((

the_rock

https://sc1.checkpoint.com/documents/Jumbo_HFA/R80.40/R80.40/Important-Notes.htm?tocpath=_____2

https://support.checkpoint.com/results/sk/sk181805

the_rock

@Grigoriy Did process in the sk help?

Andy

Grigoriy

Yes,

Thank you!

the_rock

Awesome!

ikafka

I had the same problem after installing R81.20 Jumbo Hotfix 65. I tried Option-1 but it is not solved my issue. Option-2 is works an solved.

Thankss.

the_rock

You mean sk is what fixed it for you?

Andy

the_rock

Trust me @MatanYanay , I ALWAYS read those things, regardless how small or big company is, because no one needs a call at 3 am that stuff is broken : - )

Andy

Are you a member of CheckMates?

Problems with SNX Network Extender after installing Jumbo HotFix