This website uses Cookies. Click Accept to agree to our website's cookie use as described in our Privacy Policy. Click Preferences to customize your cookie settings.
Accept
Reject
Preferences
ABOUT CHECKMATES CYBER SECURITY COMMUNITY & FAQ
Create a Post
Help
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

Are you a member of CheckMates?

×
Sign in with your Check Point UserCenter/PartnerMap account to access more great content and get a chance to win some Apple AirPods! If you don't have an account, create one now for free!
Grigoriy
Contributor
‎2024-06-06 04:15 AM
Jump to solution

Problems with SNX Network Extender after installing Jumbo HotFix

Hello, Dear Checkmates!

I've got a problem with MAB native application via SNX.

Environment info:

  • OS/version of the client PC - MS Windows 10/11
  • Exact version/JHF take level of gateway - Appliance model is CP 12400, R80.40 + Jumbo Hotfix Take 211
  • CVE-2024-24919 Hotfix installed
  • Client software: CP Mobile Access Portal Agent 800.007.049, CP SSL Network Extender 7.01.0000

Steps to reproduce:

1. User enters MAB Portal, using Cert and password

2. User connects in order to start Native Application (RDP)

3. Checkpoint client software starts connection but suddenly terminates

The issue has appeared after R80.40 Jumbo Hotfix Take 211 and CVE-2024-24919 Hotfix installation. It worked fine before.

There is another one strange thing - User can connect, when he is in the office. But when he tries to connect from home (using home wifi) - no luck.

Please, give a direction or an advice.

Thank you!

 

slimsvc.log snippet:

[ 9296 8588]@OTIKHOMOLOVAMOB[6 Jun 15:22:50][ssl_tunnel] ssl_link_ssl_client_connect: Creating a new connection
[ 9296 8588]@OTIKHOMOLOVAMOB[6 Jun 15:22:50][tunnel] set_exclude_proxy_ip: exclude_proxy_ip = 0
[ 9296 8588]@OTIKHOMOLOVAMOB[6 Jun 15:22:50][ssl_tunnel] ssl_link_ssl_client_connect: Connecting to gw: 0xac1e29fe, port: 443:
[ 9296 8588]@OTIKHOMOLOVAMOB[6 Jun 15:22:50][tunnel] set_use_proxy: used_proxy=0 proxy_ip = 0
[ 9296 8588]@OTIKHOMOLOVAMOB[6 Jun 15:22:50][tevent] T_event_do_set: setting brand new socket/type: 1080/0
[ 9296 8588]@OTIKHOMOLOVAMOB[6 Jun 15:22:50][tevent] T_event_do_set: setting brand new socket/type: 1080/2
[ 9296 8588]@OTIKHOMOLOVAMOB[6 Jun 15:22:50][tevent] T_event_do_set: setting brand new socket/type: 1080/1
[ 9296 8588]@OTIKHOMOLOVAMOB[6 Jun 15:22:50][fwasync] fwasync_make_connection: ac1e29fe/443: dowait is -1 sock is 1080
[ 9296 8588]@OTIKHOMOLOVAMOB[6 Jun 15:22:50][tevent] T_event_do_del: marking for deletion socket/type: 1080/1
[ 9296 8588]@OTIKHOMOLOVAMOB[6 Jun 15:22:50][tevent] T_event_do_del: marking for deletion socket/type: 1080/2
[ 9296 8588]@OTIKHOMOLOVAMOB[6 Jun 15:22:50][] SkSetTCP_NODELAY: fd=1080: Invalid Argument
[ 9296 8588]@OTIKHOMOLOVAMOB[6 Jun 15:22:50][ssl_tunnel] ssl_link_ssl_client_connect: SkSetTCP_NODELAY returned -1
[ 9296 8588]@OTIKHOMOLOVAMOB[6 Jun 15:22:50][ssl_tunnel] ssl_link_ssl_client_connect: Connection created successfully
[ 9296 8588]@OTIKHOMOLOVAMOB[6 Jun 15:22:50][messaging] messaging::_receive_callback: command processed start=969, end=984
[ 9296 8588]@OTIKHOMOLOVAMOB[6 Jun 15:22:50][messaging] messaging::_receive_callback: Continuing loop
[ 9296 8588]@OTIKHOMOLOVAMOB[6 Jun 15:22:50][messaging] messaging::_receive_callback: Start parsing stream (2): start=969, end=984, len=984
[ 9296 8588]@OTIKHOMOLOVAMOB[6 Jun 15:22:50][messaging] messaging::_receive_callback: Received Command: rcv_cmd=0
[ 9296 8588]@OTIKHOMOLOVAMOB[6 Jun 15:22:50][messaging] messaging::_receive_callback: Received Length: rcv_len=0
[ 9296 8588]@OTIKHOMOLOVAMOB[6 Jun 15:22:50][messaging] messaging::recognize_command: received UNKNOWN OR UNSUPPORTED COMMAND 0
[ 9296 8588]@OTIKHOMOLOVAMOB[6 Jun 15:22:50][messaging] messaging::msg_invoke: Could not find a command to run for 0
[ 9296 8588]@OTIKHOMOLOVAMOB[6 Jun 15:22:50][messaging] messaging::_receive_callback: command processed start=977, end=984
[ 9296 8588]@OTIKHOMOLOVAMOB[6 Jun 15:22:50][messaging] messaging::_receive_callback: Continuing loop
[ 9296 8588]@OTIKHOMOLOVAMOB[6 Jun 15:22:50][tcpserver] tcpipe_socket_rcv_cb: Entering on socket 0x43c
[ 9296 8588]@OTIKHOMOLOVAMOB[6 Jun 15:22:50][tcpserver] tcpipe_socket_rcv_cb: Read 12 bytes from socket 0x43c
[ 9296 8588]@OTIKHOMOLOVAMOB[6 Jun 15:22:50][tcpserver] tcpipe_socket_rcv_cb: passed the SetLen!
[ 9296 8588]@OTIKHOMOLOVAMOB[6 Jun 15:22:50][messaging] messaging::_receive_callback: Entering -----------------------------------
[ 9296 8588]@OTIKHOMOLOVAMOB[6 Jun 15:22:50][messaging] messaging::_receive_callback: Beginning: start=977, end=984, len=12
[ 9296 8588]@OTIKHOMOLOVAMOB[6 Jun 15:22:50][messaging] messaging::_receive_callback: buf: 174daa4
[ 9296 8588]@OTIKHOMOLOVAMOB[6 Jun 15:22:50][messaging] messaging::_receive_callback: Message fits into buffer: start=977, end=996, len=12
[ 9296 8588]@OTIKHOMOLOVAMOB[6 Jun 15:22:50][messaging] messaging::_receive_callback: Start parsing stream (1): start=977, end=996, len=12
[ 9296 8588]@OTIKHOMOLOVAMOB[6 Jun 15:22:50][messaging] messaging::_receive_callback: Received Command: rcv_cmd=0
[ 9296 8588]@OTIKHOMOLOVAMOB[6 Jun 15:22:50][messaging] messaging::_receive_callback: Received Invalid Length: 385876224
[ 9296 8588]@OTIKHOMOLOVAMOB[6 Jun 15:22:50][messaging] messaging::_receive_callback: cleaning trashed buffer
[ 9296 8588]@OTIKHOMOLOVAMOB[6 Jun 15:22:50][messaging] messaging::_err_invoke: enter. the messaging object is active
[ 9296 8588]@OTIKHOMOLOVAMOB[6 Jun 15:22:50][messaging] messaging::close: [SEVERE] could not close connection. Connection 1084 was not found
[ 9296 8588]@OTIKHOMOLOVAMOB[6 Jun 15:22:50][messaging] messaging::close: Failed to close pipe
[ 9296 8588]@OTIKHOMOLOVAMOB[6 Jun 15:22:50][protocols] dp::OnError: Entered with error #373 (Received message(s) do(es) not fit into buffer)
[ 9296 2508]@OTIKHOMOLOVAMOB[6 Jun 15:23:05][cpservice] service_ctrl_ex: Called with ctrl_code 4
[ 9296 2508]@OTIKHOMOLOVAMOB[6 Jun 15:23:05][cpservice] service_report_status_to_scm: Called with [current_state = 4] [exit_code = 0] [wait_hint = 5000]
[ 9296 2508]@OTIKHOMOLOVAMOB[6 Jun 15:23:05][cpservice] service_report_status_to_scm: Reporting service is running
[ 9296 2508]@OTIKHOMOLOVAMOB[6 Jun 15:23:05][cpservice] service_ctrl_ex: Called with ctrl_code 4
[ 9296 2508]@OTIKHOMOLOVAMOB[6 Jun 15:23:05][cpservice] service_report_status_to_scm: Called with [current_state = 4] [exit_code = 0] [wait_hint = 5000]
[ 9296 2508]@OTIKHOMOLOVAMOB[6 Jun 15:23:05][cpservice] service_report_status_to_scm: Reporting service is running
[ 9296 8588]@OTIKHOMOLOVAMOB[6 Jun 15:23:11][tevent] T_event_do_del: marking for deletion socket/type: 1080/2
[ 9296 8588]@OTIKHOMOLOVAMOB[6 Jun 15:23:11][tevent] T_event_do_del: marking for deletion socket/type: 1080/1
[ 9296 8588]@OTIKHOMOLOVAMOB[6 Jun 15:23:11][] fwasync_connected_failed: 1080 from exception
[ 9296 8588]@OTIKHOMOLOVAMOB[6 Jun 15:23:11][ssl_tunnel] ssl_link_fwasync_client_handler_wrapper: failed to create conn
[ 9296 8588]@OTIKHOMOLOVAMOB[6 Jun 15:23:11][fwasync] fwasync_end_conn: scheduling the end of connection 1080
[ 9296 8588]@OTIKHOMOLOVAMOB[6 Jun 15:23:11][tevent] T_event_do_del: marking for deletion socket/type: 1080/0
[ 9296 8588]@OTIKHOMOLOVAMOB[6 Jun 15:23:11][tevent] T_event_do_del: marking for deletion socket/type: 1080/1
[ 9296 8588]@OTIKHOMOLOVAMOB[6 Jun 15:23:11][tevent] T_event_do_del: marking for deletion socket/type: 1080/0
[ 9296 8588]@OTIKHOMOLOVAMOB[6 Jun 15:23:11][] T_event_do_del: failed to remove WSAsocket event
[ 9296 8588]@OTIKHOMOLOVAMOB[6 Jun 15:23:11][tevent] T_event_do_del: marking for deletion socket/type: 1080/2
[ 9296 8588]@OTIKHOMOLOVAMOB[6 Jun 15:23:11][fwasync] fwasync_do_end_conn: closing connection 1080 (conn=175add8)
[ 9296 8588]@OTIKHOMOLOVAMOB[6 Jun 15:23:11][ssl_tunnel] ssl_link:: ssl_link_fwasync_end_handler: ending connection
[ 9296 8588]@OTIKHOMOLOVAMOB[6 Jun 15:23:11][proxy_authentication] isExist: Not Using proxy.
[ 9296 8588]@OTIKHOMOLOVAMOB[6 Jun 15:23:11][ssl_tunnel] ssl_tunnel::link_failure_cb: got link failure, close tunnel
[ 9296 8588]@OTIKHOMOLOVAMOB[6 Jun 15:23:11][fwasync] fwasync_do_end_conn: end closing connection 175add8 1080
[ 9296 8588]@OTIKHOMOLOVAMOB[6 Jun 15:23:11][ssl_tunnel] tunnel_stop_handler: called!
[ 9296 8588]@OTIKHOMOLOVAMOB[6 Jun 15:23:11][ssl_tunnel] ssl_link:: ~ssl_link: delete link
[ 9296 8588]@OTIKHOMOLOVAMOB[6 Jun 15:23:11][ssl_tunnel] ssl_tunnel::tunnel_stop: error: Cannot establish connection to SSL Network Extender gateway. Try to reconnect.
[ 9296 8588]@OTIKHOMOLOVAMOB[6 Jun 15:23:11][protocols] tunnel_down_cb_my: Disconnecting SSL tunnel...

 

 

0 Kudos
1 Solution

Accepted Solutions
12 Replies
_Val_
Admin
Admin
‎2024-06-06 04:42 AM
Jump to solution

I would suggest opening a TAC case, but it seems R80.40 is out of support for a while... You still can, if you have a support contract. Also, location related behavior is a sign that this is most likely not HF-related

0 Kudos
the_rock
Legend
Legend
‎2024-06-06 04:45 AM
Jump to solution

I believe I saw someone mention the same issue yesterday after installinbg jumbo 65, so as Val said, probably TAC case might be the best idea.

Andy

0 Kudos
MatanYanay
Employee
Employee
‎2024-06-06 04:52 AM
In response to the_rock
Jump to solution

Hi @Grigoriy  and @the_rock  it may be related to the important note we have in the jumbo ( should be fixed in the next jumbo we plan to release during June for R81.20 and R81.10?)

please remember to review our important note section in each jumbo doc which contains issues we are familiar and working to fix or have already been fix in future takes  

 

 

snx.png

Grigoriy
Contributor
‎2024-06-06 04:55 AM
In response to MatanYanay
Jump to solution

Hello,

The problem is it is a 12400 appliance and the maximum is Gaia R80.40 JHX T211(((

0 Kudos
the_rock
Legend
Legend
‎2024-06-06 06:07 AM
In response to the_rock
Jump to solution

@Grigoriy Did process in the sk help?

Andy

0 Kudos
Grigoriy
Contributor
‎2024-06-06 06:09 AM
In response to the_rock
Jump to solution

Yes,

Thank you!

the_rock
Legend
Legend
‎2024-06-06 06:12 AM
In response to Grigoriy
Jump to solution

Awesome!

0 Kudos
ikafka
Collaborator
‎2024-06-26 02:13 AM
In response to the_rock
Jump to solution

I had the same problem after installing R81.20 Jumbo Hotfix 65. I tried Option-1 but it is not solved my issue. Option-2 is works an solved.

Thankss.

0 Kudos
the_rock
Legend
Legend
‎2024-06-26 05:20 AM
In response to ikafka
Jump to solution

You mean sk is what fixed it for you?

Andy

0 Kudos
ikafka
Collaborator
‎2024-07-11 11:57 PM
In response to the_rock
Jump to solution

Yes SK and Option 2 - Workaround

0 Kudos
the_rock
Legend
Legend
‎2024-06-06 04:58 AM
In response to MatanYanay
Jump to solution

Trust me @MatanYanay , I ALWAYS read those things, regardless how small or big company is, because no one needs a call at 3 am that stuff is broken : - )

Andy

0 Kudos

Leaderboard

Epsum factorial non deposit quid pro quo hic escorol.

View All ≫
Upcoming Events

    Sort by:
    CheckMates Events