CPUG: The Check Point User Group

Resources for the Check Point Community, by the Check Point Community.


Tim Hall has done it yet again - That's right, the 3rd edition is here!
You can read his announcement post here.
It's a massive upgrade focusing on current versions, and well worth checking out. -E

 

Results 1 to 17 of 17

Thread: Endpoint Security E75.10 client constantly disconnects

  1. #1
    Join Date
    2011-03-03
    Posts
    3
    Rep Power
    0

    Default Endpoint Security E75.10 client constantly disconnects

    After getting a new batch of Windows 7 64-bit machines, I installed Endpoint Security E75.10 since SecuRemote isn't supported on this version of Windows.

    Firewall is NGX R65 HFA70 with the Endpoint Security hotfix.

    From the new client, I am able to connect to the firewall and receive an Office Mode IP address from the pool, and can connect to all necessary resources behind the firewall.

    The problem is, after about 30 seconds of inactivity the VPN tunnel is disconnected and automatically tries to reconnect. If I set a ping to one of the internal servers to run in the background then the tunnel stays open.

    The only message I see in the Tracker says:
    "remote access client IP address and port were changed"

    I was not using Secure Client before, so I don't have any Desktop rules defined for the new clients, not sure if this matters.

    I've tried connecting from several different locations / routers, on multiple computers (Win 7 and XP) running the same version of Endpoint Security, all with the same result.

    Is this a problem with anybody else?

    Thanks for any input.

  2. #2
    Join Date
    2006-12-04
    Posts
    1,316
    Rep Power
    15

    Default Re: Endpoint Security E75.10 client constantly disconnects

    Probably you have some configuration issue.
    You can not use Office Mode IP addresses with SecureClient (even in new EA R75.10 version) this function is for Secure Client (you have to buy a new Lic for this ..)

    Desktop rules -also should not have any affects for SecureRemote.

  3. #3
    Join Date
    2006-10-18
    Posts
    53
    Rep Power
    14

    Default Re: Endpoint Security E75.10 client constantly disconnects

    Hi

    I have a similar issue
    I just upgraded from R65 to R71.30.
    I have licences for Secure Client.
    As soon as I connect to the site, within 30 seconds, it disconnects.

    What licences is required, if my secureclient (upgraded to blade) does not work?

    What other mis-configuration should I look for?

    Thanks

  4. #4
    Join Date
    2006-10-18
    Posts
    53
    Rep Power
    14

    Default Re: Endpoint Security E75.10 client constantly disconnects

    I have done further testing.
    I have similar issues with SecureRemote E75.10
    As soon as nothing is typed within 30 seconds, it disconnects.

    I have found a workaround: doing a permanent ping to an internal IP.

    This leads me to think that either there is some sort of parameters for timeout or there is a new protocol between the client and the gateway to check for 'alive' status, and it is not working (perhaps blocked, but I could not see anything in the logs)

    As anyone else got the same issue and found a proper fix?

    Thanks

  5. #5
    Join Date
    2011-03-03
    Posts
    3
    Rep Power
    0

    Default Re: Endpoint Security E75.10 client constantly disconnects

    I don't have a fix, just the same workaround as you. After connecting through Endpoint Security, I set a permanent ping to run in the background to keep the tunnel alive.

    It works, but kind of a hassle when it's a new computer going to the pres. of the company.

  6. #6
    Join Date
    2006-02-09
    Location
    Charleston, SC
    Posts
    1,172
    Rep Power
    16

    Default Re: Endpoint Security E75.10 client constantly disconnects

    Have you considered trying the R75 client, 1 version older but still virtually brand new
    There's no place like 127.0.0.1

  7. #7
    Join Date
    2006-10-18
    Posts
    53
    Rep Power
    14

    Default Re: Endpoint Security E75.10 client constantly disconnects

    Here is what fixed it for me at the end:
    In $FWDIR/lib/implied_rules.def
    change the line
    #define ENABLE_TUNNEL_TEST
    to
    //#define ENABLE_TUNNEL_TEST

    Open SmartDashboard and add tunnel_test as accepted service to your VPN gateway. Install policy. Done

    I already had the tunnel_test in my rules, but modifying the file made the differenc

  8. #8
    Join Date
    2011-03-03
    Posts
    3
    Rep Power
    0

    Default Re: Endpoint Security E75.10 client constantly disconnects

    Good suggestions above. But, not sure why or how this would work, but here's what I did.

    Set up an identical box in the lab as in production, same hardware and everything. Loaded R65 HFA70 with the Endpoint Security hotfix (exact same thing I'd done in production). Imported the configuration from the production box onto the lab box. Tested with the Endpoint Security client, and it worked. (This same client would continually disconnect on the production box).

    Just moved this box into production tonight. The client stays connected, and the Tracker shows the 'tunnel_test' entries, where I was not seeing these entries on the old box. Everything appears to be working how I need it.


    Insanity: doing the same thing over and over again and expecting different results.

  9. #9
    Join Date
    2007-06-04
    Posts
    3,314
    Rep Power
    17

    Default Re: Endpoint Security E75.10 client constantly disconnects

    Yep, now you just need to get your R65 upgraded to R70 so that remain on a supported version unless your on IP350/380 appliances then you have until November to replace the hardware.

  10. #10
    Join Date
    2010-03-18
    Posts
    29
    Rep Power
    0

    Default Re: Endpoint Security E75.10 client constantly disconnects

    Hi
    I have a UTM-1 with R75.10, also i have Securemote R75.10, but i connect to the Remote VPN, and connects, but 20 seconds[exactly] later the client disconnects
    Do you have any idea about this?

  11. #11
    Join Date
    2010-03-18
    Posts
    29
    Rep Power
    0

    Default Re: Endpoint Security E75.10 client constantly disconnects

    Quote Originally Posted by Hernan_Mella View Post
    Hi
    I have a UTM-1 with R75.10, also i have Securemote R75.10, but i connect to the Remote VPN, and connects, but 20 seconds[exactly] later the client disconnects
    Do you have any idea about this?
    Hello
    Now i ve test with the EndPoint Security R80.10 VPN Client, and the client works ok, It doesn't disconnects....
    Please, there are some rectrictions for Securemote?
    Thanks

  12. #12
    Join Date
    2009-08-04
    Posts
    31
    Rep Power
    0

    Default Re: Endpoint Security E75.10 client constantly disconnects

    We are having the exact same issue here, E75.10 secure remote connects for 20 seconds and then disconnects
    The older secure remote client will connect fine though, its just the newer one

    after some research we thing its related to the local IP address of the client, if its in a similar subnet to the lan of the connecting network its then getting disconnected again, as we have connected ok from another site with different IP subnet ok

    has anyone experienced anything similar to this? and did they get a solution?

  13. #13
    Join Date
    2006-07-10
    Posts
    194
    Rep Power
    14

    Default Re: Endpoint Security E75.10 client constantly disconnects

    have you secure xl active? if so look for sk60200
    misery is optional

  14. #14
    Join Date
    2008-03-17
    Location
    Brazil, RJ
    Posts
    2
    Rep Power
    0

    Default Re: Endpoint Security E75.10 client constantly disconnects

    Quote Originally Posted by lil_tud View Post
    We are having the exact same issue here, E75.10 secure remote connects for 20 seconds and then disconnects
    The older secure remote client will connect fine though, its just the newer one

    after some research we thing its related to the local IP address of the client, if its in a similar subnet to the lan of the connecting network its then getting disconnected again, as we have connected ok from another site with different IP subnet ok

    has anyone experienced anything similar to this? and did they get a solution?

    I'm having the same issue. I've already a open at Check Point's TAC but still nothing.

  15. #15
    Join Date
    2006-07-10
    Posts
    194
    Rep Power
    14

    Default Re: Endpoint Security E75.10 client constantly disconnects

    also suffering with this issue. tried several things - no improvement at the moment. Case open at CP - they are refering to sk mentioned above but I don't believe it will help

    is your OM network inside the vpn domain (group)? if so removed it - location awareness could let the client think it's inside the vpn domain and disconnects

    anyway, all guessing right now - waiting another time for CP updates
    misery is optional

  16. #16
    Join Date
    2006-07-10
    Posts
    194
    Rep Power
    14

    Default Re: Endpoint Security E75.10 client constantly disconnects

    recieved a fixed version of the client
    misery is optional

  17. #17
    Join Date
    2006-07-10
    Posts
    194
    Rep Power
    14

    Default Re: Endpoint Security E75.10 client constantly disconnects

    first impressions are good - waiting for final user confirmation
    misery is optional

Similar Threads

  1. Endpoint Connect client disconnects after a few seconds
    By danjun in forum IPsec VPN Blade (Virtual Private Networks)
    Replies: 9
    Last Post: 2011-06-07, 22:08
  2. connecting via E75.10 to splat UTM R75
    By eladbu in forum Secure Access
    Replies: 4
    Last Post: 2011-04-19, 12:01
  3. Remote Access Clients E75.10 Now GA!
    By PhoneBoy in forum Check Point Release Notifications
    Replies: 8
    Last Post: 2011-03-16, 05:55
  4. Endpoint Security R80.10 Now Available
    By PhoneBoy in forum Check Point Release Notifications
    Replies: 0
    Last Post: 2011-02-24, 04:12
  5. Replies: 5
    Last Post: 2010-09-20, 04:34

Bookmarks

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •