- Products
- Learn
- Local User Groups
- Partners
- More
Access Control and Threat Prevention Best Practices
5 November @ 5pm CET / 11am ET
Ask Check Point Threat Intelligence Anything!
October 28th, 9am ET / 3pm CET
Check Point Named Leader
2025 Gartner® Magic Quadrant™ for Hybrid Mesh Firewall
HTTPS Inspection
Help us to understand your needs better
CheckMates Go:
Spark Management Portal and More!
Hello Experts!
We are currently experiencing issues with the Remote Access VPN. The issue is when new user is created on the existing (Working) ClientlessVPNGroup and try to connect via browser fails the login with the error: "Unknown user". T/S was made creating new users using the same default template and the same results. However when creating new user on the internal AD which is part of the same RemoteAcessVPN Community and FW Rule it authenticates without issues. Publish & Install and Install Database was properly done.
Current environment:
SMS r81.10 (Was upgraded like 19 days ago from r80.30 to r81.10 and everything was seamlessly working until yesterday. 
Cluster (2 Gateways) running r80.30
Only change that was made yesterday was on the default template object witch is included on the uploaded file. I Appreciate any tips or suggestions on this issue.
Thanks,
Sounds like the ranges specified in the Translated Source field are incorrectly set for static instead of hide. You can right-click in that field and force it to Hide. If this is not the case please post a screenshot of the NAT rules in question.
Hey bro,
Did you make sure user belongs to the group allowed to access stuff via remote access community?
Andy
Yeah brother!
Normally, if you add user via AD, say if you have radius auth (just as an example) and AD integrated via dashboard, sometimes you may need to push policy to reflect the changes, though in most cases, it would reflect right away.
Andy
Yeah push policy was done with new AD user and worked but the issue at the moment is presented when creating new local users, current existing local users on the same group are working.
Email me some screenshots directly, let me check.
Done buddy!
K, just send zoom or webex, I think I can figure this out quick...Im sure its some minor misconfiguration.
Done
Sounds suspiciously similar to the following, what happens if you set the template expiration date to 2029 instead of 2030 and then create a user with it?
sk167103: Expiration Date configured to after 2030 is considered as expired
Thanks for the suggestion @Timothy_Hall will try that and keep you guys posted of the results.
@Timothy_Hall ...I just did remote with @K_montalvo and since we could not look at the actual environment, we went through some basic setup on lab mgmt and I also saw that for one customer I always help with, any local vpn users are by default set to same date (December 31st, 2030) and works fine. I believe sk you mentioned strictly references to new admin, as "never" option is not there for vpn user. Either way, I asked Kenny to try change it to say 2025 and see if it makes any difference. Personally, though I showed him the option for mobile access via blades (under manage and settings), considering this is the only user with a problem, does not logically sound like its an issue with the MA blade configuration. Regardless, they will test all we discuss and update us.
Andy
@the_rock @Timothy_Hall I was able to do T/S today and posibbly identified the issue:
What we are seeing is and error when the Standard Access Policy installation could that be the issue? If so can you guys guide me if theres a command to fix it or steps i shall follow to resolved the issue?
I really appreciate your help!
Thanks!
Sounds like the ranges specified in the Translated Source field are incorrectly set for static instead of hide. You can right-click in that field and force it to Hide. If this is not the case please post a screenshot of the NAT rules in question.
Hello,
This was actually the issue with a source network with a /16 translated to a /24 on a couple of NAT rules created a couple years ago. Somehow they started to present the issue recently. The TAC was also very helpful.
Hey buddy,
@Timothy_Hall is absolutely right. Sounds like nat method is wrong if thats the message you are seeing. Can you paste actual NAT rule?
Andy
Hello buddy,
Yeah what @Timothy_Hall posted above was the issue. I know if in the remote session yesterday with you had access to the actual environment you would figure it out. Many thanks as always for your support and friendship!
Any time, no problem at all. @Timothy_Hall is the man, I think he knows everything CP related, so always amazing resource.
HAPPY NEW YEAR!
 
					
				
				
			
		
Leaderboard
Epsum factorial non deposit quid pro quo hic escorol.
| User | Count | 
|---|---|
| 23 | |
| 20 | |
| 13 | |
| 10 | |
| 9 | |
| 9 | |
| 7 | |
| 7 | |
| 6 | |
| 5 | 
Tue 28 Oct 2025 @ 11:00 AM (EDT)
Under the Hood: CloudGuard Network Security for Google Cloud Network Security Integration - OverviewTue 28 Oct 2025 @ 12:30 PM (EDT)
Check Point & AWS Virtual Immersion Day: Web App ProtectionTue 28 Oct 2025 @ 11:00 AM (EDT)
Under the Hood: CloudGuard Network Security for Google Cloud Network Security Integration - OverviewTue 28 Oct 2025 @ 12:30 PM (EDT)
Check Point & AWS Virtual Immersion Day: Web App ProtectionThu 30 Oct 2025 @ 03:00 PM (CET)
Cloud Security Under Siege: Critical Insights from the 2025 Security Landscape - EMEAThu 30 Oct 2025 @ 11:00 AM (EDT)
Tips and Tricks 2025 #15: Become a Threat Exposure Management Power User!About CheckMates
Learn Check Point
Advanced Learning
YOU DESERVE THE BEST SECURITY