- CheckMates
- :
- Products
- :
- Quantum
- :
- Remote Access VPN
- :
- Re: SSL Network Extender Issue with new certificat
- Subscribe to RSS Feed
- Mark Topic as New
- Mark Topic as Read
- Float this Topic for Current User
- Bookmark
- Subscribe
- Mute
- Printer Friendly Page
Are you a member of CheckMates?
×- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
SSL Network Extender Issue with new certificat
Hello,
I'm facing a issue since I have change my certificat for my "mobile access".
The acces worked fine before I replace the certificat
Since I replaced it this morning, I can't use SSL Network Extender. No probleme to log on the portal. I can check that it's my new certificat. But when I ckick on "connecter" to execute the SSL network Extender I have a issue. Of course I had accept the warning about fingerprint, but after that It's failed. Depend on the client, with firefox and Chrome, I have no warning. With Internet Explorer I have a connection error to the gateway.
I am in version 80.40
Is there anyone which have an idea to resolve this issue ?
Thank in advance
Ludovic
Accepted Solutions
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Just experienced the same thing. TAC haven't suggested anything meaningful, but while they were busy going through the documentation, I decided to reboot the firewalls (one SGM at a time), and this seems to have fixed the issue.
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
It turns out that running "cvpnrestart" in Expert mode (on each SGM, if running Maestro) restarts the cvpn daemon. Doing it this way won't require a reboot.
I found it while thumbing through the admin guides.
cvpnrestart (checkpoint.com)
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Did you check that DNS resolution succeeds for 3rd party CA ? See sk105246 for a description of a similar issue.
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Thank for your reply.
I checked the DNS resolution, It works fine. About the sk105246, It's not the same issue because I can log on the portal without certificat issue. The problem is when I want to use SSL Network Extender.
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Did you look into vpnd.elg on GW ?
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Thank for your reply. No I didn't look at this log file. I just checked it and didn't see message which can be different today.
I have some Warning:cp_timed_blocker_handler but like the others days.
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Better open SR# with TAC to get this resolved !
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
I have this same issue. R80.40 gateway. SNX working fine for years. Internal cert had expired as we needed to renew it and now SNX fails and simply gives the generic "Cannot establish connection to the SSL network extender gateway." I have opened a TAC case but am curious if anything else came of this?
Thanks.
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Hello. I have this same issue. Were you able to resolve this and if so how? Thanks.
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Just experienced the same thing. TAC haven't suggested anything meaningful, but while they were busy going through the documentation, I decided to reboot the firewalls (one SGM at a time), and this seems to have fixed the issue.
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
It turns out that running "cvpnrestart" in Expert mode (on each SGM, if running Maestro) restarts the cvpn daemon. Doing it this way won't require a reboot.
I found it while thumbing through the admin guides.
cvpnrestart (checkpoint.com)