Thanx a lot. I wonder how I could not find this SK myself...

Anyway, I logged into the appliance and extender/ folder is 64K and not 15MB as stated in this same SK. There is Internet connection for sure. I wonder why it does not want to download it. Is the SNX distributive available somewhere to download it manually ?

You can find the path here to download by WinSCP: sk65683 SSL Network Extender Manual Deployment from R75.20 Security Gateway to Windows 7 standard user

You can also download from another unit, of course

Yeah, it seems I'll have to do that on Monday because sadly the other SK requires Enterprise Support access. I have never ran into this problem while the appliance was locally managed. It started right after I switched it to central management. 

Install file should be updated upon policy install

sk: 

       Download the file from the Gateway under $CVPNDIR/htdocs/SNX/CSHELL/extender.cab                    (the SNXComponentsShell.msi located in the extender.cab file) and use windows GPO for deployment.

That does not seem to be applicable for Gaia Embedded. There is no such path there.

I tried both:

find / -name extender.cab 

and

find / -name *.cab

And nothing was found. I have also scanned log file and found nothing about failure to download SNX server side package. There is the content of /storage/extender at the moment:

-rwxrwxrwx 1 root root 5335 Jul 29 2015 cookies.js
-rwxr-x--- 1 root root 8573 Aug 25 2013 login_f.htt
-rwxr-x--- 1 root root 8017 Aug 25 2013 login_invalid_cert.htt
-rwxr-x--- 1 root root 3039 Aug 25 2013 not_authorized.htt
-rwxr-x--- 1 root root 9180 Aug 25 2013 registration.htt
-rwxr-x--- 1 root root 9159 Aug 25 2013 registration_invalid_cert.htt
-rwxr-x--- 1 root root 5938 Aug 25 2013 user_interaction.htt

The name should be enclosed in single quotes. But     You should try another GW for this, i think snx is missing from this unit

Well, I did just that but I flipped the second appliance from central to local management. After few minutes extender package was downloaded and installed. I copied it to the problematic appliance and voilaaaa it works again. 

Package was download from one of the CheckPoint servers but the URL does appear to be a temporary one. Size is approximately 39MB.

Why this does not work in central mode remains mystery to me but I don't have the time now to tackle this with CP support.

Thanx a lot for your support!

I will try this on my 1200R

Just reset to defaults from appliance button and on FTCW go straight to central management. Enable SNX and install policy. It may very well work for you. 

I just experienced the issue you had on my 1200R:

- 1200R is centrally managed

.- verified that SNX VPN clients are enabled

- SNX page showed the message

The resource is temporarily unavailable

- waiting did not change the message displayed

- WinSCP showed a very small /storage/extender directory without .cabs

- after copying the extender directory from my 730 SNX worked as expected on the 1200R centrally managed

Not the news I was hoping to hear. I was thinking it is something wrong I did in transitioning from local to central management but apparently it is a real issue that needs to be addressed by CheckPoint. 

Well, I have engaged TAC and opened new SR about this. I'll keep you posted on how it is going on.

Reply from support:

While I was working on this case, I found that you made some progress on checkpointmate.

As you memtioned on checkpointmate, you have 64k on extender folder, so the file is missing.

What I will do for next step, I will make same enviroment as you have right now, then  I will copy the missing file you have and provide for you.

Before doint that, I need some time to set up and test it.

My reply:

Hi,

As mentioned in this thread I already solved the problem by using another appliance in local mode to download SNX distributive and move it to the problematic one.

I have opened this SR for you to forward it to development so that problem is fixed permanently.

It is not acceptable to have appliance in central mode with not working SNX Extender.

Mind you that this problem is not local, it was confirmed by another CheckMate buddy.

Reply from support:

I would like to know if you have made any progress on this issue or if you need further assistance. If you need any further clarifications please let me know and I will be glad to assist.

If you are waiting for a maintenance window or know you will not be able to actively work on the Service Request for several days, please let me know the date when you would like me to follow up with you regarding the status of this Service Request.

As I mentioned in another thread engaging TAC is heavy time consuming procedure. Now you see why. I mean, come on TAC... are you kidding me ?!?

It is not always so easy to handle TAC 😉

Now, R & D will start working on resolving the issue in the next firmware version 😉 But sounds as if this was not the first occurence at all. Closing the SR is o.k. as we already know the workaround and a fixed version will take some time...

My feedback on sk100319 SNX temporarily unavailable did produce an answer:

This sk article is not relevant for R77.20.X for Gaia Embedded

That may well be, but then, this sounds like a bug without an sk...

Even if there is SK it is still a bug. 

Let's hope my SR was actually forwarded to R&D and that they will fix it in further release.