This website uses Cookies. Click Accept to agree to our website's cookie use as described in our Privacy Policy. Click Preferences to customize your cookie settings.
Accept
Reject
Preferences
ABOUT CHECKMATES CYBER SECURITY COMMUNITY & FAQ
Help

Who rated this post

cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Bachan
Contributor
‎2024-11-15 07:45 AM
In response to the_rock

Hi Rock,

We performed the sk132712  and this didnt resolve our issue. After policy installation the gateway stopped listening on port 18231, but after making VPN connection the icon for Compliance on Endpoint VPN Client changed to grey(Greyed out) and status to Off. So this solution will not work of our environment. Hence we ended up opening TAC. TAC provided us the below solution.

 Follow the steps - (Make this changes on Gateway)

  1. If you do not need policy on the client, you can uncheck the policy server checkbox on the GW.
  2. If you do need policy, you can edit fwauthd.conf that is located in $FWDIR/conf and mark out the policy server processes as follow:

*#*0 dtps dtpsd respawn 0

*#*0 dtls dtlsd respawn 0

Then perform  cprestart on the GW. Do a cpstop; cpstart in a maintenance window. 

3. After this, the policy server should be shown down.

4. After that, we need to apply the hotfix(Contact TAC). The hotfix will assist to make the configuration changes permanent. 

5. Check the status of port 18231 - 

# netstat -tulnp |grep 18231
# netstat –atun |grep 18231

Note: Checkpoint has created PRHF-32277 for this issue and they don't have any plans to integrate this issue in next JHF anytime soon. So for every upgrade, we need to reach TAC for hot-patch.

View solution in original post

(1)
Who rated this post