Create a Post
cancel
Showing results for 
Search instead for 
Did you mean: 
Fastforza
Explorer

SSL VPN not working after upgrading to latest recommended R80.40 JHF 206

Greetings,

SSL VPN stopped working on our cluster after upgrading to the latest recommended version JHF 206, after JHF 198. When our cluster was at JHF 198, SSL VPN worked without any issues.

We're trying to connect from Windows 11 PCs, the version of SNX on our cluster is 800008304(recommended version).

What happens is, when i log in to our SSL VPN website, then click on "Connect" in Native Applications, the Status is "connecting" until SNX disconnects by itself. Looking at the logs on the cluster, there isn't too much info aswell on why this is happening after the upgrade, the SNX connection is allowed, then it's denied for some reason. I'll attach the logs so they can be viewed.

Any help is appreciated on why this issue started happening after the upgrade.

Best Regards

0 Kudos
2 Replies
Fastforza
Explorer

Quick update:

After reverting back to JHF Take 198, SSL VPN works again on the cluster without any issues.

On the following list of resolved issues for R80.40 - https://sc1.checkpoint.com/documents/Jumbo_HFA/R80.40/R80.40/R80.40-List-of-all-Resolved-Issues.htm , from Take 198 to Take 206 , there is only one change regarding Mobile Access and it states the following:

PRJ-49743, PMTR-95099 - Mobile Access - "UPDATE: SNX used to connect back to Mobile Access Blade's portal FQDN by resolving its IP address locally. This method makes it sensitive to DNS poisoning attacks such as those specified by TunnelCrack. Therefore, it was modified to connect back to the Security Gateway / Cluster member IP address by default."

Could this be causing the issue on JHF Take 206? Can someone explain it more in detail what does this change mean?

Regards

0 Kudos
_Val_
Admin
Admin

Please open a TAC case for this.

0 Kudos

Leaderboard

Epsum factorial non deposit quid pro quo hic escorol.

Upcoming Events

    CheckMates Events