This website uses Cookies. Click Accept to agree to our website's cookie use as described in our Privacy Policy. Click Preferences to customize your cookie settings.
Accept
Reject
Preferences
ABOUT CHECKMATES CYBER SECURITY COMMUNITY & FAQ
Create a Post
Help
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

Are you a member of CheckMates?

×
Sign in with your Check Point UserCenter/PartnerMap account to access more great content and get a chance to win some Apple AirPods! If you don't have an account, create one now for free!
kamilazat
Advisor
Thursday
Jump to solution

VPN disconnects when turning off the screen on iPad

Hi everyone.

We have an issue with connectivity consistence ONLY on iPads. I will try to explain it in steps.

==Mobile Access is not enabled on the gateway, so VPN connection occurs over SSL==

1. User opens and connects using Capsule Connect. Everything works properly.

2. User turns off the screen and goes away for 10 minutes. We tested for 10 minutes because tunnel doesn't drop in, say, 4 minutes.

3. Capsule Connect logging seems to be stopped during these 10 minutes.

4. When the user comes back and turns on the screen, VPN indicator is visible on the notification bar, but there is no traffic (verified by tcpdump on the gateway).

5. The moment user goes to the Capsule Connect application, the VPN timer seems to reset and starts from 00:00.

6. The traffic seems to ONLY start flowing when the user goes back to some other applications that communicate with internal resources. This is again confirmed by tcpdump.

 

We already have updated to the latest iPadOS 18.3.2, and on the gateway we have R81.10 JHF Take 172. We can see that for the time the screen is off on iPad, Capsule Connect stopped logging (no logs with the relevant timestamps during that 10 minutes). And, sadly due to log rotation (yes, we missed that part), we lost the relevant vpnd logs on the gateway.

Before organizing everyone again to conduct debug, changing the number of vpnd.elg files in a maintenance window and run another lap, I wanted to ask if anyone has dealt with a similar behavior. This doesn't happen on Android, but happens on all different versions on iPads. We need to understand if this is a Check Point issue or an iPad issue.

 

Cheers!

0 Kudos
1 Solution

Accepted Solutions
PhoneBoy
Admin
Admin
yesterday
Jump to solution

Based on a quick Internet search, this looks like the result of a long-standing iOS limitation unrelated to Check Point.

View solution in original post

0 Kudos
9 Replies
the_rock
Legend
Legend
Thursday
Jump to solution

I could have sworn I saw someone had this issue before and they posted about it on community and it turned out to be some setting on Ipad that was causing it, just cant remember what : - (

Andy

0 Kudos
kamilazat
Advisor
yesterday
In response to the_rock
Jump to solution

I've been searching for that post for days already. Failed epically 🙂

Before I open a TAC ticket and waste their timely resources for such a topic, would you think it's an iOS or iPadOS issue if the debug logging stops completely the moment screen gets turned off? How would you even prove it? iOS doesn't allow me to see system logs. I love android  🙂

0 Kudos
the_rock
Legend
Legend
yesterday
In response to kamilazat
Jump to solution

I think people could argue for days on end which OS is better, but lets not go there lol. Anyway, let me see if I can find recent post where someone modified trac ttm file to resolve ipad issues.

Andy

 

0 Kudos
Chris_Atkinson
Employee Employee
Employee
yesterday
Jump to solution

Have you checked if the app is restricted from running in the background and if it's excluded from power savings constraints etc?

Are you in a position to test the device whilst it is on charge?

CCSM R77/R80/ELITE
0 Kudos
kamilazat
Advisor
yesterday
In response to Chris_Atkinson
Jump to solution

Yes. That was the first thing we checked since the application logging seems to stop when the screen turns off. Nothing...

the_rock
Legend
Legend
yesterday
Jump to solution

For what is worth, here is Copilot answer:)

Andy

***********************

This issue can occur due to various reasons, such as power-saving settings on the iPad, VPN client settings, or network configurations. Here are some steps you can take to troubleshoot and resolve the issue:

Troubleshooting Steps

  1. Check Power-Saving Settings:

    • Ensure that the iPad's power-saving settings are not set to disconnect the network when the screen is turned off. You can check this in the iPad's settings underSettings > Battery > Low Power Mode.

  2. VPN Client Settings:

    • Make sure that the VPN client settings are configured to maintain the connection even when the device is idle or the screen is off. For Check Point Capsule Connect, you can enable the "Auto Reconnect" feature:
      • Go toSettings > VPN > Capsule Connectand enable "Auto Reconnect".

  3. Network Configuration:

    • Ensure that the network configuration on the VPN server is set to allow persistent connections. Check the session timeout settings and increase them if necessary.

  4. Update VPN Client:

    • Ensure that you are using the latest version of the Check Point Capsule Connect application. You can download the latest version from the Apple App Store.

  5. Re-authentication Settings:

    • For iOS clients, the session timeout comes from Global Properties > Remote Access > SecureClient Mobile > Re-authenticate user every X. Ensure that this setting is configured appropriately.

Additional Resources

If the issue persists after following these steps, you may need to contact Check Point Support for further assistance. You can open a ticket at the Check Point Support Center.

BE AWARE
Important - To prevent negative impact on your production environment, double-check the provided information in the Administration Guide for the involved product.
Learn more:
  1. sk122537 - Various Remote Access VPN clients with an Office Mode IP assignment from DHCP are disconn...
  2. sk140252 - "Malformed reply from site" error message when Capsule Connect / VPN disconnects after 20...
  3. sk69540 - Check Point Capsule Connect application - Layer-3 VPN for Apple iPhone and iPad
  4. Harmony SASE Administration Guide - User-Profiles
  5. sk173867 - Endpoint Security VPN Client loses connection to DNS server after disconnecting from VPN
  6. sk182134 - Identity Collector does not connect to the Security Gateway
  7. sk182225 - Harmony SASE Frequently Asked Questions (FAQ)
  8. sk169985 - Capsule VPN for iOS fails to connect to the Security Gateway with error "Failed to read r...
  9. sk122000 - "Failed to parse response - Malformed ostring" error message when Capsule Connect on iOS ...
0 Kudos
PhoneBoy
Admin
Admin
yesterday
Jump to solution

Based on a quick Internet search, this looks like the result of a long-standing iOS limitation unrelated to Check Point.

0 Kudos
the_rock
Legend
Legend
yesterday
Jump to solution

Based on what Phoneboy said, seems its a limitation not tied to CP side.

Andy

0 Kudos
G_W_Albrecht
Legend Legend
Legend
4 hours ago
In response to the_rock
Jump to solution

I can read that in his post already...

CCSP - CCSE / CCTE / CTPS / CCME / CCSM Elite / SMB Specialist
0 Kudos

Leaderboard

Epsum factorial non deposit quid pro quo hic escorol.

View All ≫
Upcoming Events

    Sort by:
    CheckMates Events