- Products
- Learn
- Local User Groups
- Partners
- More
Quantum Spark Management Unleashed!
Introducing Check Point Quantum Spark 2500:
Smarter Security, Faster Connectivity, and Simpler MSP Management!
Check Point Named Leader
2025 Gartner® Magic Quadrant™ for Hybrid Mesh Firewall
HTTPS Inspection
Help us to understand your needs better
CheckMates Go:
SharePoint CVEs and More!
Since the general availability of Windows 11 24H2, we're noticing around 50% of Windows machines updated to 24H2 are failing to connect with the Remote Access VPN.
I noticed that with the release of Enterprise Endpoint Security E88.41 (https://support.checkpoint.com/results/sk/sk182237) issues with W11 24H2 were addressed, however the latest version of Remote Access VPN is 88.40.
Are other people experiencing similar issues? Since the RA VPN hasn't been updated but the Endpoint Security client has, I'm wondering whether its known there are issues with the RA VPN.
Please, can you try to set the "route_conflict_resolution_method" parameter to "modify" in trac_client_1.ttm file on the gateway and install policy. End users should reconnect in order new value to take effect. Here is excerpt of TTM code:
:route_conflict_resolution_method ( :gateway ( :default (modify) ) )
Trac.defaults has the same option
Documented in: https://support.checkpoint.com/results/sk/sk182749
Assuming this is the true solution to the problem, I would expect us to set route_conflict_resolution_method to modify as the default upon installation of future client versions.
It could also be deployed on the gateway side by including the relevant setting in trac_client_1.ttm (it's currently not specified at all), possibly in a JHF/future version.
If you are still having issue with Windows 11 24h2, Please see SK182749, you could wither modify the gateway or the client side.
https://support.checkpoint.com/results/sk/sk182749
If the issue priests, please open a TAC case.
This was fixed. The fix is included in:
Enterprise Endpoint Security E88.62 (E88.61 Hotfix) Windows Clients
If you are unable to upgrade your client, configure a parameter on the Remote Access VPN Gateway or on the Windows endpoint computers.
Can you please explain what you mean by your statement: "however the latest version of Remote Access VPN is 88.40."
All Endpoint Security releases and latest versions are listed in sk117536, and E88.40 is definitely not the latest release for Windows.
Concerning your issue, you are advised to upgrade your Endpoint Security Client on the problematic machines to E88.41 or later.
Hi chief, our issue is we don't use the Endpoint Security Client, but the standalone remote access VPN client.
On the 88.41 release page the Standalone VPN Client is 88.40
So I'm not sure if this (1) an oversight, (2) a new version will follow later, or (3) no issues are expected with v88.40 of the VPN client with W11 24H2.
The bugs fixed in E88.41 are relevant to the full Endpoint only, I believe.
Does the problem exist in E88.60 (latest for Windows)?
We're having the issue with 24H2 and all E88.x versions. It is hardware independent, multiple makes/model laptops, and also affected our M365 Cloud PC VM's. Rollback of 24H2 seems to be fixing it.
I have TAC SR open since Monday, supplied logs from both sides including Zoom support session, awaiting response. R&D needs to get on this right away.
We are seeing an issue with 24h2 and vpn as well, have tried the latest versions e88.40,41,60 vpn will connect but then drops the network connection in 10-20 seconds. disconnect vpn, then you can reconnect wifi or ethernet
Rollback to 23H2 is the only option to fix. E88.41 or above will only work with 24H2 Early Access versions from Microsoft. 24H2 GA released by Microsoft October 1 must have a major change in it to break VPN. Checkpoint support holding firm on policy that they require 2 months from release of GA version from Microsoft to support it. Hoping Checkpoint can do better but that's their official policy.
See Phase 3 in https://support.checkpoint.com/results/sk/sk115192
This is the only work-a-round I was able to come up with as well. Wondering if you came a crossed a more feasible fix?
Same issue. After disconnecting eth/wifi doesn't work. You have to either reboot the computer (non-admin) or ipconfig /release, renew as admin from cmd
i have also the same case , and the only solved solution if modify the in trac_client_1.ttm file on the gateway. Th client Harmony need a server ip and the remote access client is not the vpn endpoint security client...
E88.70 was released. Please confirm the client type & version used?
Should also be corrected in E88.62 (recent) as well E88.70 (newest) on client side out of the box set to use the route conflict modify setting without any need for manual override.
Please, can you try to set the "route_conflict_resolution_method" parameter to "modify" in trac_client_1.ttm file on the gateway and install policy. End users should reconnect in order new value to take effect. Here is excerpt of TTM code:
:route_conflict_resolution_method ( :gateway ( :default (modify) ) )
Trac.defaults has the same option
Documented in: https://support.checkpoint.com/results/sk/sk182749
sk182749
Thank you. This appears to be working for us (around 20 endpoints) - we will resume the rollout to another testing group.
hello,
I would change my trac.defaults. file.
now I see the following string:
route_conflict_resolution_method STRING "delete_create" GLOBAL 1
how do I have to change it with the reported parameters?
thx
Is Checkpoint considering sk182749 a temporary work around or permanent fix? Meaning will a client side fix be coming or not?
Yes in GA version - we still have EA version!
Hi, I keep coming back to this forum almost daily now. Any idea when the new Check Point Remote Access VPN Client will be available? E86.80 still doesn't work with Windows 24h2. I tried to locate trac.default and change the "route_conflict_resolution_method" but that doesn't make any difference.
Thank you
E86.80 or E88.60?
The former doesn't support Windows 11, and the workaround only applies to E88.40 - E88.60.
In any case, we release new Endpoint/VPN clients every month or so.
The next release (E88.70 for Windows) is expected in the next couple of weeks and is expected to include a fix for this.
Thank you for your prompt reply; I appreciate it.
I did mean 86.80 - in the end, that's the only one that is offered (for Windows) when I try to download it from https://www.checkpoint.com/quantum/remote-access-vpn/#downloads
The file name says "E86.80_CheckPointVPN.msi"
I am also not sure we talk about the same thing since you suggest that new client is released every month or so. But the download page for Remote Access VPN Client (https://support.checkpoint.com/results/download/125581) says it has been published in 2022...
I'm not sure what to make of this. If there is some other page where to download the client, please let me know - and I'll be waiting there for the E88.70.
Thanks a bunch!
Found this page I wasn't aware of https://sc1.checkpoint.com/documents/E88.x/EN/Remote_Access_VPN_Clients_for_Windows_RN/Content/Topic...
So I guess here.. Alright. Then I'll keep checking for 88.70
What is linked on checkpoint.com is definitely not the most recent.
You can download E88.60 from here (under Standalone clients): https://support.checkpoint.com/results/sk/sk182468
Has the new release (E88.70) been officially released? Thx.
Hey! Is there any update on when E88.70 is expected to be released. We are struggling with users unable to use the VPN.
As I understand it, there are a few fixes that have yet to be finalized.
We are working to get it out as soon as possible.
Hi, I guess no update? It's really becoming a pain, and workarounds (different laptops running different version of Windows) are quite annoying.
Thanks for any info
Not heard an updated ETA yet.
Assuming this is the true solution to the problem, I would expect us to set route_conflict_resolution_method to modify as the default upon installation of future client versions.
It could also be deployed on the gateway side by including the relevant setting in trac_client_1.ttm (it's currently not specified at all), possibly in a JHF/future version.
Would like to understand more about this setting change and any potential side effects before changing it globally for all users. Has this been tested by Checkpoint to be appropriate for other common scenarios including route all traffic through gateway (with Exclusion groups and other variations), MacOS users, etc.? Don't want to fix one thing and break another.
Since the general availability of Windows 11 24H2, we're noticing around 50% of Windows machines updated to 24H2 are failing to connect with the Remote Access VPN.
I noticed that with the release of Enterprise Endpoint Security E88.41 (https://support.checkpoint.com/results/sk/sk182237) issues with W11 24H2 were addressed, however the latest version of Remote Access VPN is 88.40.
Are other people experiencing similar issues? Since the RA VPN hasn't been updated but the Endpoint Security client has, I'm wondering whether its known there are issues with the RA VPN.
Leaderboard
Epsum factorial non deposit quid pro quo hic escorol.
Wed 10 Sep 2025 @ 11:00 AM (CEST)
Effortless Web Application & API Security with AI-Powered WAF, an intro to CloudGuard WAFWed 10 Sep 2025 @ 11:00 AM (EDT)
Quantum Spark Management Unleashed: Hands-On TechTalk for MSPs Managing SMB NetworksFri 12 Sep 2025 @ 10:00 AM (CEST)
CheckMates Live Netherlands - Sessie 38: Harmony Email & CollaborationWed 10 Sep 2025 @ 11:00 AM (EDT)
Quantum Spark Management Unleashed: Hands-On TechTalk for MSPs Managing SMB NetworksFri 12 Sep 2025 @ 10:00 AM (CEST)
CheckMates Live Netherlands - Sessie 38: Harmony Email & CollaborationAbout CheckMates
Learn Check Point
Advanced Learning
YOU DESERVE THE BEST SECURITY