Create a Post
cancel
Showing results for 
Search instead for 
Did you mean: 
AfterMath
Contributor

GAIA EMBEDDED - ERROR TRYING TO ACCESS THROUGH VPN CLIENT

Jump to solution

Capturar.PNG

 

10.PNG

0 Kudos
1 Solution

Accepted Solutions
PhoneBoy
Admin
Admin

The SSLVPN-50 was what I am expecting to see, which means it’s not a license issue.
In any case, the only things I can suggest are:

  • Updating to latest firmware
  • Engaging with our TAC for further assistance

View solution in original post

0 Kudos
22 Replies
_Val_
Admin
Admin

Instead of posting pictures, please explain what kind of site you are trying to setup, and what is the actual use case. What are you using on GW side and on client side?

0 Kudos
AfterMath
Contributor

OFFICE1 (GW SIDE)

o1.PNG

 

OFFICE2 (CLIENT SIDE)

o2.PNG

0 Kudos
_Val_
Admin
Admin

I repeat the question: what are you using on the GW and client side? Appliance type, software version, same for the client.

 

0 Kudos
AfterMath
Contributor

First, thanks for your patience #Val

Office 1 (GW SIDE)

Check Point 730 Appliance (Locally Managed)
Version: R77.20.51

Office2 (Client side)

Endpoint Security VPN E84.50 and i tried also old version

0 Kudos
the_rock
Authority
Authority

Im not good with embedded gaia by any means, but I know @G_W_Albrecht definitely is, so maybe he can give you some pointers, I will say though, based on your very first screenshot, it says site does not support use of this client. Have you tried using different vpn client version? I can tell you that most of the time with regular firewalls when you see similar errors, it usually has to do with visitor mode not being enabled, but not sure if thats applicable to your scenario.

0 Kudos
AfterMath
Contributor

Thanks #The_rock

Yes, i tried different version, even this very old

 

or.PNG

0 Kudos
the_rock
Authority
Authority

Message me directly, lets do quick remote session if you have time.

0 Kudos
G_W_Albrecht
Legend
Legend

Compliance Blade ? My StandAlone client does not have this blade. Sure you downloaded that client:

client_.png

0 Kudos
AfterMath
Contributor

No link to dowload...

ya.PNG

0 Kudos
G_W_Albrecht
Legend
Legend

Never seen that - i wonder how you have been able to download the other versions, but you better ask TAC for the client...

0 Kudos
_Val_
Admin
Admin

Mobile client means SSL VPN, you may want to un-check this option and try again. Also, it would make sense to upgrade to the latest firmware: https://supportcenter.checkpoint.com/supportcenter/portal?eventSubmit_doShowproductpage&productTab=o...

 

 

0 Kudos
PhoneBoy
Admin
Admin

This SK suggests a license issue: https://supportcenter.checkpoint.com/supportcenter/portal?eventSubmit_doGoviewsolutiondetails=&solut... 
However, I'm pretty sure the 700 series has the necessary license embedded in it (or should).
What is the output of cplic print from the appliance?

0 Kudos
PhoneBoy
Admin
Admin

Did you install your VPN client as Endpoint Security @AfterMath ?
That might explain this message.
Recommend installing as Check Point Mobile which should be covered by the license in your appliance.

0 Kudos
AfterMath
Contributor

I tried the two ways, still dont working..

0 Kudos
PhoneBoy
Admin
Admin

Can you please provide the output of cplic print?
Otherwise all I can suggest is a TAC case.

0 Kudos
AfterMath
Contributor

cplic.PNG

0 Kudos
Tom_Hinoue
Collaborator

Maybe you have a NAT rule on CP730 forwarding port 443 to your internal servers? (wondering from your other post where it is detecting a hotspot)

If you do, you will need to configure in advanced settings to reserve port 443 for port forwarding, and assign a different port for Remote Access.

0 Kudos
PhoneBoy
Admin
Admin

This doesn't tell me what I'm looking for.
The output of a CLI command will give me more precise details that aren't reflected in this screenshot.

And the point about usage of port 443 for a server/port forwarding is also something to check for as well.

0 Kudos
AfterMath
Contributor

dam.PNG

0 Kudos
PhoneBoy
Admin
Admin

The SSLVPN-50 was what I am expecting to see, which means it’s not a license issue.
In any case, the only things I can suggest are:

  • Updating to latest firmware
  • Engaging with our TAC for further assistance

View solution in original post

0 Kudos
AfterMath
Contributor

Ok
Ill try and ill be saying something after this process..

Thanks..!

0 Kudos
AfterMath
Contributor

Thanks to all of you!

 

It´s working, i did the firmware upgrade, and renewed the certificate on the gateway before connecting from the client.