HerbertP
Participant

R82.00.10 Remote Access using Cert seems broken

Hello,

After following the issues with R82.00.10 for a while, I have now tried to upgrade one locally managed 1535 appliance to R82.00.10.

Now clients using remote access with certificate-based auth can no longer reach internal hosts via VPN.

Windows and iOS clients (cert-based auth is the only working way to use VPN on demand and split tunneling on iOS) can connect, the office mode address is assigned and routing seems to be correctly set on the client, but traffic does not reach internal sites.

When the client is connected, the UI (VPN / Connected remote users) does not show that the users are connected.

Is this a known issue, and is there a solution? This completely breaks functionality.

Thanks

0 Kudos
8 Replies
Chris_Atkinson
MVP Platinum CHKP

Suggest this will need an SR with TAC if not already?

Please also confirm the build of R82.00.10 image used and the applicable Endpoint client version/s?

CCSM R77/R80/ELITE
0 Kudos
PhoneBoy
Admin

What build of R82.00.10 did you load?
There's a known issue with certificate validation in some releases: https://support.checkpoint.com/results/sk/sk184766
My understanding is that build 998002133 (currently linked in the R82.00.10 SK) should contain the CRL fix. 

0 Kudos
HerbertP
Participant

The build 998002133 is exactly the version I have loaded. This seems to be an issue where, after successful auth, the traffic on the SMB device is not linked to the user that has been authenticated.
When the clients are connected and authenticated, I can see traffic drops originating from the client's office mode IP. When I add a rule src:<dynamic-office-mode-ip>, the traffic passes, instead of being matched via the remote access rule (user, not group) that worked in previous versions.

Additionally, the GW UI does not show the connected user as authenticated.

To me this is a bug on the GW side.
0 Kudos
PhoneBoy
Admin

You wouldn't be getting this far if the CRL bug were involved.
Suggest a TAC case here.

0 Kudos
HerbertP
Participant

TAC does not seem to be able to help, due to a misunderstanding of how certificate-based authentication works and is set up in general.

I am beginning to believe that support for this product is again not at all working/reliable, and that building business cases on this is risky.

When I started with Check Point back in 2004, they offered world-class support.

--Philip

0 Kudos
ohadp
Employee

Hi @HerbertP 

My name is Ohad, and I’m from the SMB R&D team. Please feel free to reach out to me at ohadp@checkpoint.com.

I’d be happy to assist with your case.


Ohad
0 Kudos
Dafna
Employee

Can you please share the output of:
ps aux | grep pdp (expert mode)

0 Kudos
HerbertP
Participant

... does not seem to be running:


[Expert@XXXX-XXXX-GW-BN]# ps aux | grep pdp
root 18843 0.0 0.0 4484 784 pts/0 S+ 17:36 0:00 grep pdp
[Expert@XXXX-XXXX-GW-BN]#

0 Kudos
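The output quoted above illustrates a classic pitfall of `ps aux | grep <name>`: the grep process itself always appears in the listing because its own command line contains the search string, so a single matching line means the daemon is NOT running. The following is an added example (not from the thread, and not a Check Point tool) that makes that check explicit: it reads `ps aux` output, discards the grep line, and reports whether a process whose command contains the given name is present. The daemon name `pdp` and both sample `ps` listings are constructed for the example.

```shell
# Added example, not from the thread. Decide from `ps aux` output whether a
# daemon (default name "pdp", as in the question) is really running.
# A bare `ps aux | grep pdp` always shows the grep process itself, so that
# line must be discarded before drawing a conclusion. Reads stdin so it can
# be fed live output (`ps aux | pdp_running pdp`) or a saved capture.
pdp_running() {
    name="${1:-pdp}"
    # Rebuild the COMMAND column (fields 11 onward in `ps aux` format), skip
    # any line whose command contains "grep", and look for the daemon name.
    awk -v n="$name" '
        {
            cmd = ""
            for (i = 11; i <= NF; i++) cmd = cmd (i > 11 ? " " : "") $i
            if (index(cmd, "grep") == 0 && index(cmd, n) > 0) found = 1
        }
        END { exit(found ? 0 : 1) }
    '
}

# Constructed sample matching the situation in the post: only grep matches.
SAMPLE_NOT_RUNNING='USER PID %CPU %MEM VSZ RSS TTY STAT START TIME COMMAND
root 18843 0.0 0.0 4484 784 pts/0 S+ 17:36 0:00 grep pdp'

# Constructed sample with a pdp process present next to the grep line.
SAMPLE_RUNNING='USER PID %CPU %MEM VSZ RSS TTY STAT START TIME COMMAND
admin 1234 0.1 0.5 12345 6789 ? Ss 09:00 0:02 pdp
root 18843 0.0 0.0 4484 784 pts/0 S+ 17:36 0:00 grep pdp'

# Human-readable verdict for a captured listing.
check() {
    if printf '%s\n' "$1" | pdp_running pdp; then
        echo "running"
    else
        echo "not running"
    fi
}

check "$SAMPLE_NOT_RUNNING"   # the listing from the post: not running
check "$SAMPLE_RUNNING"
```

On a live shell the same exclusion can be done with the `grep '[p]dp'` idiom (the bracket expression no longer appears literally in grep's own command line) or with `pgrep` where it is available; the function above only exists to make the reasoning visible and testable on a captured listing.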
