Create a Post
cancel
Showing results for 
Search instead for 
Did you mean: 
Dale_Lobb
Advisor

Browser support for SNX client in SMB firewalls

  We have an SMB 1530 cluster providing remote access via the embedded Remote Access Portal.  We are using the SNX client.  The cluster is running the most recent firmware for the 1530 platform.

  Currently, we are unable to get any browser, except Internet Explorer, to work with this solution.  No other browser will activate  SNX, even if SNX and required Portal Agent are pre-installed on the PC. 

  At the same time, the same PC will invoke SNX from IE, Firefox, Chrome and Edge when connected to our main firewall running the R80.40 Mobile Access Blade.

  I have tried everything I can think of to try to find a way to get the SMB 1530s to work with another browser, including pre-loading all the software, and installing ancient versions of Oracle Java on the PC.  Nothing seems to work, yet all of these combinations work fine with the R80.40 MAB.

  Has anyone else run up against this?  I would be fine with telling external users they have to use IE to make the connection, but IE is slated for end of support on June 15th.  M$ is even hinting that IE will be de-installed from retail versions of Windows automatically at that time.

0 Kudos
14 Replies
PhoneBoy
Admin
Admin

SMB appliances use the legacy SNX portal which only supports Internet Explorer.
MABDA has not been brought into the SMB appliances yet and not sure what the plan is.
Best to install and use Check Point Mobile versus SNX (uses the same license).

0 Kudos
Dale_Lobb
Advisor

  So, you are saying that CheckPoint does not yet have a published plan for how they are going to handle the M$ de-support of IE in less than 2 months?

 

0 Kudos
PhoneBoy
Admin
Admin

SNX still works just fine, it’s just the portal piece that’s an RFE per here: https://supportcenter.checkpoint.com/supportcenter/portal?eventSubmit_doGoviewsolutiondetails=&solut...

You can install SNX manually here: https://supportcenter.checkpoint.com/supportcenter/portal?action=portlets.SearchResultMainAction&eve...
Or use Check Point Mobile.

0 Kudos
Dale_Lobb
Advisor

  Yes, you are correct, SNX works just fine with other browsers: if you are working with a MAB portal.  However, the IPsec VPN portal resident in SMB appliances cannot start the SNX client from any browser except IE; it does not matter if you have installed SNX manually or automatically.

  I am just surprised that less than two months before IE drops dead, or, at the very least, becomes unsafe to use, CheckPoint does not seem to have an articulated policy for how they are going to handle that event.  It may be that "SNX is no longer supported, use CheckPoint Mobile" would be the policy, or that MAB might be supported by an SMB firmware upgrade, or whatever else might be thought up.  But it seems there is no official, articulated policy at all.  I am guessing that there are probably thousands of SMB firewalls out in the field.  Is it really ok not to have a policy and communication plan?

PhoneBoy
Admin
Admin

Unfortunately, I don’t have a formal statement about this issue beyond what’s stated in the SK.
If this is a requirement for your use case, I recommend approaching your local Check Point office.

0 Kudos
G_W_Albrecht
Legend
Legend

IE has been banned from most PCs years ago and CP has developed the new MAB portal (sk113410 - Mobile Access Portal and Java Compatibility - New Mobile Access Portal Agent technology). SNX has been legacy since Connectra has evolved to Mobile Access Blade 😎 and never since has been more than an alternative to fatter clients like Mobile or Enterprise VPN client. Remember: SSL Network Extender is not supported on 64-bit browsers in Windows. Official sk65210: SSL Network Extender was created in 2013. And fact is that MAB is a GAiA feature and not implemented on SMBs small hardware footprint with a reason. 

Note for locally and centrally managed SMB appliances [Embedded Gaia]:

This feature is not included in the product. If you need it, submit a Request for Enhancement.

CCSE CCTE CCSM SMB Specialist
0 Kudos
Dale_Lobb
Advisor

  Actually, SNX works fine from 64 bit browsers.  Support may be a different question, but it does work, at least on all the browsers that I tried it from: Chrome, Edge and Firefox.  The issue is that it only works when invoked from the MAB portal.

  The SMB systems' Remote Access portal still will only invoke SNX if one is using IE, which is now a little over one month and one Patch Tuesday since de-support.

Best Regards,

Dale

0 Kudos
DanuziaLeorne
Explorer

Guys,

Does anyone have any news on this subject?

I have the same problem.

I'll open a TAC.

0 Kudos
Dale_Lobb
Advisor

I did open a TAC case, on the day before IE went end of life.  So far, they are waiting on a response from R&D, who seem to be working on a solution.  

TAC recently closed the first case, because it had been open too long and created a new one, although I do not see the new case in SupportCenter.

 

The original case I opened on 6/14/2022: 6-0003299927.

The new case is: 6-0003336999.

 

Best Regards,

Dale

0 Kudos
PhoneBoy
Admin
Admin

Try using the R81.10 firmware that was recently released: https://supportcenter.checkpoint.com/supportcenter/portal?eventSubmit_doGoviewsolutiondetails=&solut... 
While I didn't run extensive tests (i.e. I didn't install Java/SNX), all the popups appear to work as they should.
Also, the MABDA "hotfix" was integrated into maintrain at R80.40, which means it should also be present in R81.10 on SMB (unless there's some reason it's not). 

0 Kudos
Marquevis
Participant

Hello,

I installed R81.10.05 (996000901) on SMB, but the limitation still exists. Can't login with Chrome, Firefox and Edge

0 Kudos
Marquevis
Participant

Hello,

Yesterday I opened a ticket for the checkpoint and received the following response:

"SNX client on Gaia Embedded only supports 32-bit browsers, which means that currently we support only Internet Explorer.

We do know that IE will be out of support by Microsoft this year and changes for SNX client to support other browsers are under active discussion.

However for now, the only supported browser is Internet Explorer. I apologize for the inconvenience"

0 Kudos
Dale_Lobb
Advisor

Nice...not.

"IE will be out of support by Microsoft this year" makes it sound like they are not aware that that has already happened and IE becomes more and more dangerous to use as time goes on.

 

0 Kudos
Martin_Raska
Advisor
Advisor

I am waiting years SNX support for other browsers on SMB 😄 and its still not available. There is only one option here and its Check Point mobile client as a normal company PC don't have IE installed. So this is game over for log time.

0 Kudos

Leaderboard

Epsum factorial non deposit quid pro quo hic escorol.

Upcoming Events

    CheckMates Events