Hi chief, our issue is we don't use the Endpoint Security Client, but the standalone remote access VPN client.

On the 88.41 release page the Standalone VPN Client is 88.40

So I'm not sure if this (1) an oversight, (2) a new version will follow later, or (3) no issues are expected with v88.40 of the VPN client with W11 24H2.

The bugs fixed in E88.41 are relevant to the full Endpoint only, I believe.
Does the problem exist in E88.60 (latest for Windows)?

We're having the issue with 24H2 and all E88.x versions.   It is hardware independent, multiple makes/model laptops, and also affected our M365 Cloud PC VM's.  Rollback of 24H2 seems to be fixing it. 

I have TAC SR open since Monday, supplied logs from both sides including Zoom support session, awaiting response.  R&D needs to get on this right away.

We are seeing an issue with 24h2 and vpn as well, have tried the latest versions e88.40,41,60   vpn will connect but then drops the network connection in 10-20 seconds.  disconnect vpn, then you can reconnect wifi or ethernet

Rollback to 23H2 is the only option to fix.   E88.41 or above will only work with 24H2 Early Access versions from Microsoft.  24H2 GA released by Microsoft October 1 must have a major change in it to break VPN.  Checkpoint support holding firm on policy that they require 2 months from release of GA version from Microsoft to support it.   Hoping Checkpoint can do better but that's their official policy. 

See Phase 3 in https://support.checkpoint.com/results/sk/sk115192

This is the only work-a-round I was able to come up with as well.  Wondering if you came a crossed a more feasible fix?

Same issue. After disconnecting eth/wifi doesn't work. You have to either reboot the computer (non-admin) or ipconfig /release, renew as admin from cmd

sk182749

Thank you. This appears to be working for us (around 20 endpoints) - we will resume the rollout to another testing group.

hello,

I would change my trac.defaults. file.

now I see the following string:

route_conflict_resolution_method STRING "delete_create" GLOBAL 1

how do I have to change it with the reported parameters?

thx

Is Checkpoint considering sk182749 a temporary work around or permanent fix?   Meaning will a client side fix be coming or not?

Yes in GA version - we still have EA version!

Hi, I keep coming back to this forum almost daily now. Any idea when the new Check Point Remote Access VPN Client will be available? E86.80 still doesn't work with Windows 24h2. I tried to locate trac.default and change the "route_conflict_resolution_method" but that doesn't make any difference. 

Thank you 

E86.80 or E88.60?
The former doesn't support Windows 11, and the workaround only applies to E88.40 - E88.60.

In any case, we release new Endpoint/VPN clients every month or so.
The next release (E88.70 for Windows) is expected in the next couple of weeks and is expected to include a fix for this.

Thank you for your prompt reply; I appreciate it.

I did mean 86.80 - in the end, that's the only one that is offered (for Windows) when I try to download it from https://www.checkpoint.com/quantum/remote-access-vpn/#downloads

The file name says "E86.80_CheckPointVPN.msi"

I am also not sure we talk about the same thing since you suggest that new client is released every month or so. But the download page for Remote Access VPN Client (https://support.checkpoint.com/results/download/125581) says it has been published in 2022... 

I'm not sure what to make of this. If there is some other page where to download the client, please let me know - and I'll be waiting there for the E88.70.

Thanks a bunch!

Found this page I wasn't aware of https://sc1.checkpoint.com/documents/E88.x/EN/Remote_Access_VPN_Clients_for_Windows_RN/Content/Topic...

So I guess here.. Alright. Then I'll keep checking for 88.70

What is linked on checkpoint.com is definitely not the most recent.
You can download E88.60 from here (under Standalone clients): https://support.checkpoint.com/results/sk/sk182468

Has the new release (E88.70) been officially released? Thx.

Hey! Is there any update on when E88.70 is expected to be released. We are struggling with users unable to use the VPN.

As I understand it, there are a few fixes that have yet to be finalized.
We are working to get it out as soon as possible.

Hi, I guess no update? It's really becoming a pain, and workarounds (different laptops running different version of Windows) are quite annoying. 
Thanks for any info

Not heard an updated ETA yet.

Assuming this is the true solution to the problem, I would expect us to set route_conflict_resolution_method to modify as the default upon installation of future client versions.
It could also be deployed on the gateway side by including the relevant setting in trac_client_1.ttm (it's currently not specified at all), possibly in a JHF/future version.

Would like to understand more about this setting change and any potential side effects before changing it globally for all users. Has this been tested by Checkpoint to be appropriate for other common scenarios including route all traffic through gateway (with Exclusion groups and other variations), MacOS users, etc.?  Don't want to fix one thing and break another.

What this parameter does is change how routes are created on the client once you connect to the VPN.
With the default setting (delete_create), your conflicting local routes are deleted and recreated with lower priority along with the VPN specific routes.
With the "modify" setting, the existing conflicting routes are modified to a lower priority and the new VPN specific routes are added.

I can't say to what extent this has been tested.
However, on the surface, it appears it should not cause an impact on other user/usage types.

I assume you change "delete_create" to "modify" 

https://support.checkpoint.com/results/sk/sk75221