Create a Post
cancel
Showing results for 
Search instead for 
Did you mean: 
E_Islas
Participant
Jump to solution

SSLVPN not connecting after installing Jumbo Hot Fix Accumulator Take 94

Good morning everyone.

We are in R81.10 with a cluster XL. The SMS is a VM on ESX.

Last Thursday, we installed the Jumbo Hotfix Accumulator Recommended Jumbo Take 94 to solve an issue with Identity Awareness.

The issue was fixed, but after doing that, our remote users can't connect through sslvpn. All other remote access methods work fine, however we have many clients using sslvpn who are unable to access. The connection process stays on the Connecting phase after enter the username and password.

Any advice will be appreciated.

Thanks.

Elfego

0 Kudos
1 Solution

Accepted Solutions
the_rock
Legend
Legend

I did test for this in my lab and here are the results:

-upgrade to jumbo 94 from take 87 caused the issue

-after installing jumbo 95, though not officially recommended yet, all worked again

Andy

View solution in original post

21 Replies
the_rock
Legend
Legend

Do you see any relevant logs in smart console? Have you tried doing zdebug for client external IP for example?

Andy

0 Kudos
E_Islas
Participant

In Smartconsole I don't see any error. About the zdebug, I will be posting the results in a moment.

Thanks Andy for the suggestion.

0 Kudos
the_rock
Legend
Legend

What I meant was this, just to clarify. Say external client IP is 20.30.40.50, just run fw ctl zdebug + drop | grep 20.30.40.50 when they are trying to connect

Andy

0 Kudos
PhoneBoy
Admin
Admin

You've opened a TAC case on this, I presume?
https://help.checkpoint.com 

0 Kudos
E_Islas
Participant

Yes, I already asked the client to involve the TAC.

Thanks for yor answer.

Alex-
Leader Leader
Leader

Same issue when upgrading a customer's cluster from R81.10 T87 to T94, no reaction from the portal after logging in.

No time to troubleshoot unfortunately as the service had to be restored quickly, uninstalling to T87 and the portal works.

0 Kudos
the_rock
Legend
Legend

I did test for this in my lab and here are the results:

-upgrade to jumbo 94 from take 87 caused the issue

-after installing jumbo 95, though not officially recommended yet, all worked again

Andy

G_W_Albrecht
Legend Legend
Legend

Would be fine if this was reported to CP 😉

CCSP - CCSE / CCTE / CTPS / CCME / CCSM Elite / SMB Specialist
0 Kudos
the_rock
Legend
Legend

Im sure they can see it here and replicate it themselves, its not that hard lol

0 Kudos
Alex-
Leader Leader
Leader

Thanks for checking @the_rock , I will try again when Take 95 or above becomes recommended.

0 Kudos
the_rock
Legend
Legend

No worries, probably better to wait until its recommended, specially since its production.

0 Kudos
G_W_Albrecht
Legend Legend
Legend

They will not see it here, i am sure - without drawing attention... But as TAC is already involved the customer can share the solution and CheckMates Link !

CCSP - CCSE / CCTE / CTPS / CCME / CCSM Elite / SMB Specialist
0 Kudos
the_rock
Legend
Legend

Agree with that Guenther...since there is case already opened for it, @E_Islas would let them know all the findings from this post.

Have a nice weekend.

Andy

0 Kudos
E_Islas
Participant

Thank you, Andy, for your research and suggestions. Since I don't have direct access to the SMS, I'm going to let the customer know what the situation is, and depending on the urgency, they can decide whether to install it or wait until it is officially recommended.

Again, thank you very much.

Elfego

0 Kudos
the_rock
Legend
Legend

Sure, any time, glad it was helpful.

Have a nice weekend!

Andy

 

 

0 Kudos
Blason_R
Leader
Leader

Thats nice to know that - I was going with Take 94 in few days.

Thanks and Regards,
Blason R
CCSA,CCSE,CCCS
0 Kudos
genisis__
Leader Leader
Leader

I suspect Take 95 is going to be GA very soon now as it's been a month today since it was released.

the_rock
Legend
Legend

I think so.

0 Kudos
the_rock
Legend
Legend

I would wait till 95 is recommended take.

0 Kudos
Naama_Specktor
Employee
Employee

Hello @E_Islas 🙂

My name is Naama Specktor and I am Checkpoint employee ,

I will appreciate it if you will send me SR # , here or in PM.

 

Thank you,

Naama 

0 Kudos
E_Islas
Participant

Hi Naama... Of course. I sent to youy the SR#  in PM

I'm sorry for my delayed answer.

 

Elfego

0 Kudos

Leaderboard

Epsum factorial non deposit quid pro quo hic escorol.

Upcoming Events

    CheckMates Events