We have an R81.20 VSX deployment running multiple blades for the environment. We have deployed Identity Awareness using Identity Collectors connected to AD to authenticate VPN users and for rule authentication. Identity Awareness is enabled for AD Query, Browser-Based Authentication, and VPN and is working correctly.
As we move to Windows 11 with authentication to Azure AD, we want to take this opportunity to move to the Check Point Identity Agent.
The solution was tested in the lab on a clean install and worked flawlessly.
We have configured Identity Awareness on the Gateway as per the Check Point Admin Guide, but as this is a pilot in the Production environment, we are unable to set up automatic deployment of the agent. As such, we downloaded the agent from the gateway and manually installed it on the test machine.
When the agent searches for the gateway, it cannot find it, and if we manually configure the gateway in the agent, it does not connect. The logs show that the traffic from the agent is allowed on the firewall, and the traffic is not dropped.
If we open the portal URL, we see the page, but the middle section shows an error on MS Edge and is blank on Chrome.
The page's certificate is self-signed and issued by the Management Server. The VPN portal has an AD-signed certificate with the correct certificate chain.
Questions:
1. Is this certificate the issue?
2. Where do I find this certificate and update it to an AD-signed certificate?
3. If this is not the issue, then where could the possible issue be?