So this post is just for everyone who may be pulling their hair out (or what is left of it) regarding the CVE and IKEv2.

I also just wanted to point out that in their CVE article, Checkpoint called IKEv1 deprecated and essentially implies that it shouldn't have been used in the first place. The hilarious part is that it never worked for Remote Access in R81 and is still broken for R82. 🤓Brilliant!

IKEv2 is NOT supported on R81 at all even though it is in the advanced settings. Why they would put it in there and never have it actually capable of working is beyond my comprehension. If you have a locally managed R81 device your only option is to upgrade to the latest firmware because none of the 3 mitigation options are possible (confirmed by TAC).

IKEv2 is broken on R82 (🤣hilarious!). If you turn on IKEv2 you will notice the following behavior:

1. Drop off exactly after 1 hour and require re-authentication. I have also seen some fun behavior when using Entra SSO where the browser will keep opening authentication tabs at such a rapid pace that the user has to hard boot (awesome!).

2. Drop off at completely random times. (makes getting logs hard😢)

3. Connected remote access clients may not show up in GUI or in CLI using the "PEP S U A" command. I connected myself, looked at both and it didn't show my user connected at all. This is kind of a roll of the dice because I had some users should up and some didn't. Also I would rerun the pep command or refresh the GUI and users would disappear and reappear (magic!).