FOAK:Checkpoint VPN

Are there any budding experts on Checkpoint VPN's?

I have been using R60 NGX and found it doesn't tend to like Boingo Free WiFi
software very much.
It will connect the WiFi over non-VPN as long as you like, but once VPN is
active, it will only keep the connection (WiFi) up for a while, and then for
some reason force disconnects it.

I believe the Diagnostic might reveal more info why, but not totally sure if
messages in there were relevant. There were plenty of messages that on
recollection mentions local IP address vs "Office mode" causing an
encryption failure.
I am just wondering if the VPN has enough of encryption errors of a
particular type (due to WiFi and VPN combo), and perhaps then decides the
active security policy must kill the connection (thinking its like a dial
up, which it ain't).

Of course the VPN connection cannot even name a WiFi connection to bind to
the particular connection (or this one can't, lets be clear), so the VPN is
running over the usual "LAN". So its not like a specific named connection is
set in the software, by me at least.

I traced the settings causing the problem (and fixed it) by removing enabled
settings for NAT-T, Connectivity enhancements and Hub Routing mode - which
found to be in force I tried on an earlier R56 "clean install" and found it
to not reproduce the problem. I mirrored the settings in R60 (which was
deployed with an existing policy however hence the new settings) and found
it then worked.

The question is, no one can tell me what those settings do and we don't have
a direct Checkpoint support contract. We have a european centre that does
but I may struggle to get them to answer the problem. I also doubt the
company would fund NGX certification.
I have the solution, I am just not totally sure what the problem is. Or
something.


--
Antonio

VN800 Drifter
T509i "Tri/onda" (Twizzle frame'd custom WIP build)


.

Relevant Pages

  • RE: Accessing Sharepoint via a VPN with XP Home
    ... To check your connection settings, click the Tools menu, and then click ... See if your Internet connection settings are being detected. ... > Thank you for posting to the SBS Newsgroup. ... > I understand that you cannot VPN to http://companyweb from Windows XP Home ...
    (microsoft.public.windows.server.sbs)
  • Re: VPN Woes on Imate PDA2K
    ... I switched to internet3 the issue resolved itself. ... getting from t-mobile as well as the vpn tunnel. ... > I am able to establish a good GPRS connection under "My ISP" in Connection ... The Modem tab is left blank, as is the Proxy Settings tab. ...
    (microsoft.public.pocketpc.phone_edition)
  • Re: VPN Woes on Imate PDA2K
    ... need a user name and pwd so I ignore these settings. ... Start a GPRS connection and see if you can surf. ... Start a VPN ...
    (microsoft.public.pocketpc.phone_edition)
  • Re: OWA/VPN problems
    ... everytime I try to send a mail using OWA and when I try to connect using VPN ... troubleshooting information for this connection, ... DNS hosts sent me a screenshot of their settings so I know it's right, ... as a workaround I instruct the customer to use OWA... ...
    (microsoft.public.windows.server.sbs)
  • VPN Woes on Imate PDA2K
    ... I have Tmobile GPRS VPN service, ... Exchange mail via a PPTP server. ... I am able to establish a good GPRS connection under "My ISP" in Connection ... The Modem tab is left blank, as is the Proxy Settings tab. ...
    (microsoft.public.pocketpc.phone_edition)