Ludovic
Explorer

SSL Network Extender Issue with new certificate

Hello,

I'm facing an issue since I changed my certificate for my "mobile access".
The access worked fine before I replaced the certificate.
Since I replaced it this morning, I can't use SSL Network Extender. No problem logging on to the portal. I can check that it's my new certificate. But when I click on "connecter" to execute the SSL Network Extender, I have an issue. Of course I had accepted the warning about the fingerprint, but after that it failed. Depending on the client: with Firefox and Chrome, I have no warning. With Internet Explorer I have a connection error to the gateway.

I am on version 80.40.

Is there anyone who has an idea to resolve this issue?

Thanks in advance

Ludovic

0 Kudos
2 Solutions

Accepted Solutions
JH_Ranger
Participant

Just experienced the same thing. TAC haven't suggested anything meaningful, but while they were busy going through the documentation, I decided to reboot the firewalls (one SGM at a time), and this seems to have fixed the issue.


0 Kudos
JH_Ranger
Participant

It turns out that running "cvpnrestart" in Expert mode (on each SGM, if running Maestro) restarts the cvpn daemon. Doing it this way won't require a reboot.

I found it while thumbing through the admin guides.
cvpnrestart (checkpoint.com)


0 Kudos
(1)
9 Replies
G_W_Albrecht
Legend

Did you check that DNS resolution succeeds for the 3rd party CA? See sk105246 for a description of a similar issue.

CCSP - CCSE / CCTE / CTPS / CCME / CCSM Elite / SMB Specialist
0 Kudos
Ludovic
Explorer

Thanks for your reply.
I checked the DNS resolution; it works fine. About sk105246, it's not the same issue because I can log on to the portal without a certificate issue. The problem is when I want to use SSL Network Extender.

0 Kudos
G_W_Albrecht
Legend

Did you look into vpnd.elg on the GW?

CCSP - CCSE / CCTE / CTPS / CCME / CCSM Elite / SMB Specialist
0 Kudos
Ludovic
Explorer

Thanks for your reply. No, I didn't look at this log file. I just checked it and didn't see any message that is different today.

I have some Warning:cp_timed_blocker_handler messages, but the same as on other days.

0 Kudos
G_W_Albrecht
Legend

Better open an SR# with TAC to get this resolved!

CCSP - CCSE / CCTE / CTPS / CCME / CCSM Elite / SMB Specialist
0 Kudos
Gregg_Hamby
Explorer

I have this same issue. R80.40 gateway. SNX working fine for years. Internal cert had expired as we needed to renew it and now SNX fails and simply gives the generic "Cannot establish connection to the SSL network extender gateway." I have opened a TAC case but am curious if anything else came of this?

Thanks.

0 Kudos
Gregg_Hamby
Explorer

Hello. I have this same issue. Were you able to resolve this and if so how? Thanks.

0 Kudos