Mobile Access SSL Network Extender (SNX) remote users with Windows 11 24H2 fail to connect

 

Cause

The conflict resolution mechanism in Windows 11 24H2 is different than in earlier versions of Windows.

Solution

On the Windows endpoint computer, create a new Windows Registry parameter.

Procedure

1. On the Windows endpoint computer, open the Registry Editor.
2. Go to this location:
   HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\cpextender
3. Create a new DWORD entry with the name MetricSetMethod.
4. Set the value of MetricSetMethod to 1.
5. Restart the Windows endpoint computer.

Updatable objects appear as 'no longer supported'

 

Symptoms

• In some scenarios, the following validation warning appears on an updatable object: "Object is no longer supported. Enforcing security for this object is not possible." However, the object is still available in the updatable objects picker.

Solution

Updatable objects use CloudGuard infrastructure. To resolve this issue:

1. Restart the CloudGuard controller by running these commands on the Security Management Server:

   • cloudguard stop

   • cloudguard start

2. Open the updatable objects pane

Notes:

• If you are using Smart-1 Cloud Contact Check Point Support to solve the issue.
• If you are using Multi-Domain Management Server, run the commands on the MDS level.

 

Checkpoint enable ICMP redirects

 

To enable ICMP redirects, configure the global kernel parameter fw_icmp_redirects=1 on the Security Gateway.

• To change the parameter On-the-fly:
  1. Run the command: # fw ctl set int fw_icmp_redirects 1
  2. Verify the new parameter setting with: # fw ctl get int fw_icmp_redirects

To set the parameter value to survive reboot (see details in sk26202)

1. Edit the $FWDIR/boot/modules/fwkern.conf file.
2. Add the line: fw_icmp_redirects=1
3. Reboot

 

Check the hard drive integrity - firewall checkpoint 5800

 To check the integrity of a hard drive in the Gaia/SecurePlatform OS:

    Connect to the machine over console (serial).

    Reboot the machine.

    Press a key on the "Press any key to see the boot menu" screen. The Check Point Boot Menu now opens.

    Select the "Start in maintenance mode".

    Enter the Expert mode credentials.

    Unmount the file system:

    # umount -a

    For the EXT3 file system, run the applicable 'fsck' commands (skip this step if you have a XFS file system):

        Check and update the bad block list, but do NOT repair:

        # fsck -f -n -c -v

        Repair automatically:

        # fsck -f -p -c -v

        Note: If you detect inconsistencies, 'fsck' may require the user to remove the '-p' flag from the syntax. In such a case, use the 'fsck -f -y' command instead to assume 'yes' to all questions.

        # fsck -f -c -v -y
        # sync
       # reboot