Hello, Dear Checkmates!
I've got a problem with MAB native application via SNX.
Environment info:
- OS/version of the client PC - MS Windows 10/11
- Exact version/JHF take level of gateway - Appliance model is CP 12400, R80.40 + Jumbo Hotfix Take 211
- CVE-2024-24919 Hotfix installed
- Client software: CP Mobile Access Portal Agent 800.007.049, CP SSL Network Extender 7.01.0000
Steps to reproduce:
1. User enters MAB Portal, using Cert and password
2. User connects in order to start Native Application (RDP)
3. Checkpoint client software starts connection but suddenly terminates
The issue has appeared after R80.40 Jumbo Hotfix Take 211 and CVE-2024-24919 Hotfix installation. It worked fine before.
There is another one strange thing - User can connect, when he is in the office. But when he tries to connect from home (using home wifi) - no luck.
Please, give a direction or an advice.
Thank you!
slimsvc.log snippet:
[ 9296 8588]@OTIKHOMOLOVAMOB[6 Jun 15:22:50][ssl_tunnel] ssl_link_ssl_client_connect: Creating a new connection
[ 9296 8588]@OTIKHOMOLOVAMOB[6 Jun 15:22:50][tunnel] set_exclude_proxy_ip: exclude_proxy_ip = 0
[ 9296 8588]@OTIKHOMOLOVAMOB[6 Jun 15:22:50][ssl_tunnel] ssl_link_ssl_client_connect: Connecting to gw: 0xac1e29fe, port: 443:
[ 9296 8588]@OTIKHOMOLOVAMOB[6 Jun 15:22:50][tunnel] set_use_proxy: used_proxy=0 proxy_ip = 0
[ 9296 8588]@OTIKHOMOLOVAMOB[6 Jun 15:22:50][tevent] T_event_do_set: setting brand new socket/type: 1080/0
[ 9296 8588]@OTIKHOMOLOVAMOB[6 Jun 15:22:50][tevent] T_event_do_set: setting brand new socket/type: 1080/2
[ 9296 8588]@OTIKHOMOLOVAMOB[6 Jun 15:22:50][tevent] T_event_do_set: setting brand new socket/type: 1080/1
[ 9296 8588]@OTIKHOMOLOVAMOB[6 Jun 15:22:50][fwasync] fwasync_make_connection: ac1e29fe/443: dowait is -1 sock is 1080
[ 9296 8588]@OTIKHOMOLOVAMOB[6 Jun 15:22:50][tevent] T_event_do_del: marking for deletion socket/type: 1080/1
[ 9296 8588]@OTIKHOMOLOVAMOB[6 Jun 15:22:50][tevent] T_event_do_del: marking for deletion socket/type: 1080/2
[ 9296 8588]@OTIKHOMOLOVAMOB[6 Jun 15:22:50][] SkSetTCP_NODELAY: fd=1080: Invalid Argument
[ 9296 8588]@OTIKHOMOLOVAMOB[6 Jun 15:22:50][ssl_tunnel] ssl_link_ssl_client_connect: SkSetTCP_NODELAY returned -1
[ 9296 8588]@OTIKHOMOLOVAMOB[6 Jun 15:22:50][ssl_tunnel] ssl_link_ssl_client_connect: Connection created successfully
[ 9296 8588]@OTIKHOMOLOVAMOB[6 Jun 15:22:50][messaging] messaging::_receive_callback: command processed start=969, end=984
[ 9296 8588]@OTIKHOMOLOVAMOB[6 Jun 15:22:50][messaging] messaging::_receive_callback: Continuing loop
[ 9296 8588]@OTIKHOMOLOVAMOB[6 Jun 15:22:50][messaging] messaging::_receive_callback: Start parsing stream (2): start=969, end=984, len=984
[ 9296 8588]@OTIKHOMOLOVAMOB[6 Jun 15:22:50][messaging] messaging::_receive_callback: Received Command: rcv_cmd=0
[ 9296 8588]@OTIKHOMOLOVAMOB[6 Jun 15:22:50][messaging] messaging::_receive_callback: Received Length: rcv_len=0
[ 9296 8588]@OTIKHOMOLOVAMOB[6 Jun 15:22:50][messaging] messaging::recognize_command: received UNKNOWN OR UNSUPPORTED COMMAND 0
[ 9296 8588]@OTIKHOMOLOVAMOB[6 Jun 15:22:50][messaging] messaging::msg_invoke: Could not find a command to run for 0
[ 9296 8588]@OTIKHOMOLOVAMOB[6 Jun 15:22:50][messaging] messaging::_receive_callback: command processed start=977, end=984
[ 9296 8588]@OTIKHOMOLOVAMOB[6 Jun 15:22:50][messaging] messaging::_receive_callback: Continuing loop
[ 9296 8588]@OTIKHOMOLOVAMOB[6 Jun 15:22:50][tcpserver] tcpipe_socket_rcv_cb: Entering on socket 0x43c
[ 9296 8588]@OTIKHOMOLOVAMOB[6 Jun 15:22:50][tcpserver] tcpipe_socket_rcv_cb: Read 12 bytes from socket 0x43c
[ 9296 8588]@OTIKHOMOLOVAMOB[6 Jun 15:22:50][tcpserver] tcpipe_socket_rcv_cb: passed the SetLen!
[ 9296 8588]@OTIKHOMOLOVAMOB[6 Jun 15:22:50][messaging] messaging::_receive_callback: Entering -----------------------------------
[ 9296 8588]@OTIKHOMOLOVAMOB[6 Jun 15:22:50][messaging] messaging::_receive_callback: Beginning: start=977, end=984, len=12
[ 9296 8588]@OTIKHOMOLOVAMOB[6 Jun 15:22:50][messaging] messaging::_receive_callback: buf: 174daa4
[ 9296 8588]@OTIKHOMOLOVAMOB[6 Jun 15:22:50][messaging] messaging::_receive_callback: Message fits into buffer: start=977, end=996, len=12
[ 9296 8588]@OTIKHOMOLOVAMOB[6 Jun 15:22:50][messaging] messaging::_receive_callback: Start parsing stream (1): start=977, end=996, len=12
[ 9296 8588]@OTIKHOMOLOVAMOB[6 Jun 15:22:50][messaging] messaging::_receive_callback: Received Command: rcv_cmd=0
[ 9296 8588]@OTIKHOMOLOVAMOB[6 Jun 15:22:50][messaging] messaging::_receive_callback: Received Invalid Length: 385876224
[ 9296 8588]@OTIKHOMOLOVAMOB[6 Jun 15:22:50][messaging] messaging::_receive_callback: cleaning trashed buffer
[ 9296 8588]@OTIKHOMOLOVAMOB[6 Jun 15:22:50][messaging] messaging::_err_invoke: enter. the messaging object is active
[ 9296 8588]@OTIKHOMOLOVAMOB[6 Jun 15:22:50][messaging] messaging::close: [SEVERE] could not close connection. Connection 1084 was not found
[ 9296 8588]@OTIKHOMOLOVAMOB[6 Jun 15:22:50][messaging] messaging::close: Failed to close pipe
[ 9296 8588]@OTIKHOMOLOVAMOB[6 Jun 15:22:50][protocols] dp::OnError: Entered with error #373 (Received message(s) do(es) not fit into buffer)
[ 9296 2508]@OTIKHOMOLOVAMOB[6 Jun 15:23:05][cpservice] service_ctrl_ex: Called with ctrl_code 4
[ 9296 2508]@OTIKHOMOLOVAMOB[6 Jun 15:23:05][cpservice] service_report_status_to_scm: Called with [current_state = 4] [exit_code = 0] [wait_hint = 5000]
[ 9296 2508]@OTIKHOMOLOVAMOB[6 Jun 15:23:05][cpservice] service_report_status_to_scm: Reporting service is running
[ 9296 2508]@OTIKHOMOLOVAMOB[6 Jun 15:23:05][cpservice] service_ctrl_ex: Called with ctrl_code 4
[ 9296 2508]@OTIKHOMOLOVAMOB[6 Jun 15:23:05][cpservice] service_report_status_to_scm: Called with [current_state = 4] [exit_code = 0] [wait_hint = 5000]
[ 9296 2508]@OTIKHOMOLOVAMOB[6 Jun 15:23:05][cpservice] service_report_status_to_scm: Reporting service is running
[ 9296 8588]@OTIKHOMOLOVAMOB[6 Jun 15:23:11][tevent] T_event_do_del: marking for deletion socket/type: 1080/2
[ 9296 8588]@OTIKHOMOLOVAMOB[6 Jun 15:23:11][tevent] T_event_do_del: marking for deletion socket/type: 1080/1
[ 9296 8588]@OTIKHOMOLOVAMOB[6 Jun 15:23:11][] fwasync_connected_failed: 1080 from exception
[ 9296 8588]@OTIKHOMOLOVAMOB[6 Jun 15:23:11][ssl_tunnel] ssl_link_fwasync_client_handler_wrapper: failed to create conn
[ 9296 8588]@OTIKHOMOLOVAMOB[6 Jun 15:23:11][fwasync] fwasync_end_conn: scheduling the end of connection 1080
[ 9296 8588]@OTIKHOMOLOVAMOB[6 Jun 15:23:11][tevent] T_event_do_del: marking for deletion socket/type: 1080/0
[ 9296 8588]@OTIKHOMOLOVAMOB[6 Jun 15:23:11][tevent] T_event_do_del: marking for deletion socket/type: 1080/1
[ 9296 8588]@OTIKHOMOLOVAMOB[6 Jun 15:23:11][tevent] T_event_do_del: marking for deletion socket/type: 1080/0
[ 9296 8588]@OTIKHOMOLOVAMOB[6 Jun 15:23:11][] T_event_do_del: failed to remove WSAsocket event
[ 9296 8588]@OTIKHOMOLOVAMOB[6 Jun 15:23:11][tevent] T_event_do_del: marking for deletion socket/type: 1080/2
[ 9296 8588]@OTIKHOMOLOVAMOB[6 Jun 15:23:11][fwasync] fwasync_do_end_conn: closing connection 1080 (conn=175add8)
[ 9296 8588]@OTIKHOMOLOVAMOB[6 Jun 15:23:11][ssl_tunnel] ssl_link:: ssl_link_fwasync_end_handler: ending connection
[ 9296 8588]@OTIKHOMOLOVAMOB[6 Jun 15:23:11][proxy_authentication] isExist: Not Using proxy.
[ 9296 8588]@OTIKHOMOLOVAMOB[6 Jun 15:23:11][ssl_tunnel] ssl_tunnel::link_failure_cb: got link failure, close tunnel
[ 9296 8588]@OTIKHOMOLOVAMOB[6 Jun 15:23:11][fwasync] fwasync_do_end_conn: end closing connection 175add8 1080
[ 9296 8588]@OTIKHOMOLOVAMOB[6 Jun 15:23:11][ssl_tunnel] tunnel_stop_handler: called!
[ 9296 8588]@OTIKHOMOLOVAMOB[6 Jun 15:23:11][ssl_tunnel] ssl_link:: ~ssl_link: delete link
[ 9296 8588]@OTIKHOMOLOVAMOB[6 Jun 15:23:11][ssl_tunnel] ssl_tunnel::tunnel_stop: error: Cannot establish connection to SSL Network Extender gateway. Try to reconnect.
[ 9296 8588]@OTIKHOMOLOVAMOB[6 Jun 15:23:11][protocols] tunnel_down_cb_my: Disconnecting SSL tunnel...
.png "Wolfgang"){kind=avatar}
