This website uses Cookies. Click Accept to agree to our website's cookie use as described in our Privacy Policy. Click Preferences to customize your cookie settings.
Accept
Reject
Preferences
ABOUT CHECKMATES CYBER SECURITY COMMUNITY & FAQ
Create a Post
Help
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

Are you a member of CheckMates?

×
Sign in with your Check Point UserCenter/PartnerMap account to access more great content and get a chance to win some Apple AirPods! If you don't have an account, create one now for free!
Joseflorez
Contributor
‎2021-01-22 06:14 PM
Jump to solution

I cannot access to portal ssl network extender

Hi 

I am having problems when trying to load the SSL Network Extender portal of one of the firewalls that I administer, I have compared the general configuration of IPsec and Remote Access of another firewall that works correctly and is the same configuration. What would you recommend me to review specifically?

The authentication method is Legacy so I don't have certificates

0 Kudos
1 Solution

Accepted Solutions
the_rock
Legend
Legend
‎2021-01-25 07:05 PM
In response to PhoneBoy
Jump to solution

Hey D,

I did remote session with Jose and helped him fix it. All it was is that in gaia portal, if you change port to non-standard, it changes option "according to policy", so then explicit rule is needed to allow access externally. If you just need it internally, then changing port to 4434 fpr example works for Gaia and also works on port 443 for snx. So Jose was fine with that and now he knows what to do in case they need to allow it on external interface. Thanks as always!

Andy

View solution in original post

13 Replies
Joseflorez
Contributor
‎2021-01-22 06:22 PM
Jump to solution

i have disabled the blade mobile access, everything had worked so far with ipsecVPN

0 Kudos
PhoneBoy
Admin
Admin
‎2021-01-22 11:04 PM
Jump to solution

What version/JHF level?
Are you referring the Mobile Access portal or the SNX portal (which is used to allow download of the SNX client when MAB is not used)?
Screenshot of what you see when you access the portal?

0 Kudos
Joseflorez
Contributor
‎2021-01-23 04:03 AM
In response to PhoneBoy
Jump to solution

Hi PhoneBoy

HOTFIX_R80_10_JUMBO_HF Take: 279

I refer this portal SSL Network Extender, This is how it should work

0 Kudos
Joseflorez
Contributor
‎2021-01-23 04:07 AM
In response to Joseflorez
Jump to solution

Hi PhoneBoy

HOTFIX_R80_10_JUMBO_HF Take: 279

I refer this portal SSL Network Extender, This is how it should work

SSL NE.PNG

but when i try to the load of url by  other gateway appear this form

Error ssl.PNG

 

 

0 Kudos
PhoneBoy
Admin
Admin
‎2021-01-23 10:31 AM
In response to Joseflorez
Jump to solution

Do you have an explicit rule in your access policy to allow this connection?

As a separate issue I recommend upgrading from R80.10 since it will be officially End of Support in the next few months.

0 Kudos
Joseflorez
Contributor
‎2021-01-23 11:03 AM
In response to PhoneBoy
Jump to solution

No, i dont have an explicit rule to allow this connection. This connection do match with the implied rule, and now see an drop

Drop.PNG


How could I allow the connection? Could this have any repercussions? Modify the implied rule

0 Kudos
PhoneBoy
Admin
Admin
‎2021-01-23 02:54 PM
In response to Joseflorez
Jump to solution

There's an SK about that.
https://supportcenter.checkpoint.com/supportcenter/portal?eventSubmit_doGoviewsolutiondetails=&solut... 

0 Kudos
Joseflorez
Contributor
‎2021-01-25 06:02 PM
In response to PhoneBoy
Jump to solution

When i do this SK, now i can to access, but to gaia portal not portal SSL Network Extender to connect to VPN. What else can I do?

0 Kudos
the_rock
Legend
Legend
‎2021-01-25 07:05 PM
In response to PhoneBoy
Jump to solution

Hey D,

I did remote session with Jose and helped him fix it. All it was is that in gaia portal, if you change port to non-standard, it changes option "according to policy", so then explicit rule is needed to allow access externally. If you just need it internally, then changing port to 4434 fpr example works for Gaia and also works on port 443 for snx. So Jose was fine with that and now he knows what to do in case they need to allow it on external interface. Thanks as always!

Andy

PhoneBoy
Admin
Admin
‎2021-01-25 08:02 PM
In response to the_rock
Jump to solution

Nice work 🙂

0 Kudos
the_rock
Legend
Legend
‎2021-01-23 08:12 PM
In response to Joseflorez
Jump to solution

As soo as I saw your response, first thing that popped into my head was possibility of MA and gaia portal using same port number. PLEASE ENSURE they are different and then push the policy and let us know.

Andy

0 Kudos
the_rock
Legend
Legend
‎2021-01-25 06:05 PM
In response to the_rock
Jump to solution

Hang on...so what port is your Gaia portal now? Message me offline, lets do remote session, I want to see this. Something does not make sense.

Andy

Joseflorez
Contributor
‎2021-01-25 06:14 PM
In response to the_rock
Jump to solution

my port gaia now is 4434 but the 443 still works, where would the remote session be? 

0 Kudos

Leaderboard

Epsum factorial non deposit quid pro quo hic escorol.

View All ≫
Upcoming Events

    Sort by:
    CheckMates Events