Create a Post
cancel
Showing results for 
Search instead for 
Did you mean: 
Highlighted

VPN E80.71 in MacOS X 10.13.2

Jump to solution

Hello,

Does anyone tried "endpoint security vpn" E80.71 in MacOS 10.13.2 ?

I tried in several machines and the connection is successful, but no connectivity...

The gateway is R80.10 with Jumbo 56.

Thanks!

0 Kudos
1 Solution

Accepted Solutions
Highlighted

Exactly the same symptoms you describe! At the same time we had problems with legacy authentication, but the real solution is to disable the desktop firewall.

This version for MAC includes desktop firewall... So if you can, edit the ttm file on the gateway and change the "default" of "enable_firewall" from "true" to "client_decide"

The client default is false.

...

:enable_firewall (
                        :gateway (
                                :map (
                                        :false (false)
                                        :true (true)
                                        :client_decide (client_decide)
                                )
                                :default (client_decide)
                        )
                )

...

Best regards

View solution in original post

0 Kudos
5 Replies
Highlighted

Hello,

It seems  the problem is related with legacy authentication... after changing the object to a Role and client re-installation, VPN it's working.

Thanks!

Highlighted

Hi Hermano,

What sort of symptoms were you seeing from the client? I am having a similar issue, where using the VPN client works fine on MacOS 10.13.1, but on 10.13.2 the client authenticates successfully, but does not pass any traffic eg. if I try SSH to a known IP address, I receive an "Operation not permitted" message, and can't see any traffic from the client in our FW logs.

Thanks!

Highlighted

Exactly the same symptoms you describe! At the same time we had problems with legacy authentication, but the real solution is to disable the desktop firewall.

This version for MAC includes desktop firewall... So if you can, edit the ttm file on the gateway and change the "default" of "enable_firewall" from "true" to "client_decide"

The client default is false.

...

:enable_firewall (
                        :gateway (
                                :map (
                                        :false (false)
                                        :true (true)
                                        :client_decide (client_decide)
                                )
                                :default (client_decide)
                        )
                )

...

Best regards

View solution in original post

0 Kudos
Highlighted

This is a workaround..., maybe its possible to do something in the MacOS system configuration. I´m not a Mac user Smiley Happy

We route all vpn traffic to the gateway, and our "endpoint security VPN" desktop firewall policy is allow_all, so this workaround is a solution for our Mac users. Windows users use "Checkpoint mobile for windows".

If there is anyone with more ideas... it would be great Smiley Happy

Best regards.

0 Kudos
Highlighted

Thanks so much Hermano! That seems to have solved our issue.

Cheers,

Patrick