PDA

View Full Version : There's always one!



sleepytom
2009-10-28, 06:54
Currently using secureclient for all of our VPN clients.
One user has a 64bit xp machine, I'm aware there isn't a Secureclient 64bit release. I guess he would have to use Endpoint security?

I have the endpoint security licenses but I’m not sure on how to configure the server side. It seems like overkill to install this for one client.

Any recommendations?

Thanks

Thorpuse
2009-10-28, 07:13
Get a quote for a 1-user SecureAccess license??? :P

Actually, I think that a the moment, you'll get away with using Endpoint Connect. But don't expect that to last long....

sleepytom
2009-10-28, 07:23
It seems like a long process to install one product,
Do I need to configure a server for endpoint to connect or just enable it on the firewall?

Tom

abusharif
2009-10-28, 07:27
Only firewall has to be r65 hfa40 or higher.
Altho xp64 bit doesnt seem to be supported, only vista 64.


Supported Gateways
•Power-1 Appliances
•UTM-1 Appliances
•IP Appliances
•Connectra R66
•VPN-1 R65 HFA 40 and higher

Supported Operating Systems
•Windows 2000 Professional 32-bit with SP1-4
•Windows XP Home & Professional 32-bit, with or without SP1-3
•Windows Vista 32 and 64 bit, with or without SP1


Check Point Endpoint Connect VPN Client (http://www.checkpoint.com/products/endpoint_connect/index.html)

Thorpuse
2009-10-28, 08:07
XP64 works with Endpoint Connect. Supported? Well...

sleepytom
2009-10-28, 08:09
If I could only get it to connect,
I keep getting this error in the tracker on connection:

Reject Reason IKE failure
Encryption Scheme IKE
Subproduct VPN
VPN Feature OfficeMode
Information OM: user tried to connect, but you have reached the number of purchased licenses.

I'm on the checkpoint to ask them about this, i have installed the license.

Thanks

sleepytom
2009-11-27, 04:49
I installed Endpoint connect with no issues, connected first time.

I love the CPUG

Thanks guys

pmb1010
2009-11-27, 06:49
explain what you did Tom.
I'm in same issue, except we don't use SecureClient (only SecureRemote)

What FW are you using/Patch level?
What licensing did you need to install?

What changes did you make at the FW?
When I had the "no license issue" the only thing I could do was enable office-mode with a generated "temp" license that enabled everything.
Going back to my regular VPN NGX license gave me the "out of license" log entries again.

sleepytom
2009-11-27, 06:59
explain what you did Tom.
I'm in same issue, except we don't use SecureClient (only SecureRemote)

What FW are you using/Patch level?
What licensing did you need to install?

What changes did you make at the FW?
When I had the "no license issue" the only thing I could do was enable office-mode with a generated "temp" license that enabled everything.
Going back to my regular VPN NGX license gave me the "out of license" log entries again.

What’s your current licensing? Do you have a license for Endpoint connect users?
Basically I had to contact checkpoint directly. they regenerated me a license which I applied to the firewall attempted to connect and it worked first time.

My firewall version is UTM-1 272 running R70.
.

pmb1010
2009-11-27, 08:30
no license for endpoint connect.

We are only SecureRemote users.
No SecureClient license.

I asked my Checkpoint reseller for "endpoint connect" licenses.
He is looking in "the best options for my issues" whatever that means.

I'm hung out to dry if a 64 bit client needs to connect.

Production is on NGX R65 no fixpacks, I dont have the product code memorized.
I'm testing on R65HF50 and R70/70.1 to solve this problem.

Thorpuse
2009-11-27, 08:56
You'll need to be at least at R65 HFA40 for Endpoint Connect to work.

pmb1010
2009-11-27, 09:22
Not sure who Thorpuse's commect was directed to... but I am testing getting this operational on R65HF50 *and* on R70/70.1 in my test/lab environment.

Once I settle on a solution, that will be the direction on where my production R65 no fixpack system goes.

I hope that clears up the comment