Create a Post
cancel
Showing results for 
Search instead for 
Did you mean: 
Hermano_Pereira
Participant
Jump to solution

VPN E80.71 in MacOS X 10.13.2

Hello,

Does anyone tried "endpoint security vpn" E80.71 in MacOS 10.13.2 ?

I tried in several machines and the connection is successful, but no connectivity...

The gateway is R80.10 with Jumbo 56.

Thanks!

0 Kudos
1 Solution

Accepted Solutions
Hermano_Pereira
Participant

Exactly the same symptoms you describe! At the same time we had problems with legacy authentication, but the real solution is to disable the desktop firewall.

This version for MAC includes desktop firewall... So if you can, edit the ttm file on the gateway and change the "default" of "enable_firewall" from "true" to "client_decide"

The client default is false.

...

:enable_firewall (
                        :gateway (
                                :map (
                                        :false (false)
                                        :true (true)
                                        :client_decide (client_decide)
                                )
                                :default (client_decide)
                        )
                )

...

Best regards

View solution in original post

0 Kudos
5 Replies
Hermano_Pereira
Participant

Hello,

It seems  the problem is related with legacy authentication... after changing the object to a Role and client re-installation, VPN it's working.

Thanks!

Patrick_Milroy
Explorer

Hi Hermano,

What sort of symptoms were you seeing from the client? I am having a similar issue, where using the VPN client works fine on MacOS 10.13.1, but on 10.13.2 the client authenticates successfully, but does not pass any traffic eg. if I try SSH to a known IP address, I receive an "Operation not permitted" message, and can't see any traffic from the client in our FW logs.

Thanks!

Hermano_Pereira
Participant

Exactly the same symptoms you describe! At the same time we had problems with legacy authentication, but the real solution is to disable the desktop firewall.

This version for MAC includes desktop firewall... So if you can, edit the ttm file on the gateway and change the "default" of "enable_firewall" from "true" to "client_decide"

The client default is false.

...

:enable_firewall (
                        :gateway (
                                :map (
                                        :false (false)
                                        :true (true)
                                        :client_decide (client_decide)
                                )
                                :default (client_decide)
                        )
                )

...

Best regards

0 Kudos
Hermano_Pereira
Participant

This is a workaround..., maybe its possible to do something in the MacOS system configuration. I´m not a Mac user Smiley Happy

We route all vpn traffic to the gateway, and our "endpoint security VPN" desktop firewall policy is allow_all, so this workaround is a solution for our Mac users. Windows users use "Checkpoint mobile for windows".

If there is anyone with more ideas... it would be great Smiley Happy

Best regards.

0 Kudos
Patrick_Milroy
Explorer

Thanks so much Hermano! That seems to have solved our issue.

Cheers,

Patrick

Leaderboard

Epsum factorial non deposit quid pro quo hic escorol.

Upcoming Events

    CheckMates Events