©2015 - 2022 Chad’s Technoworks. Disclaimer and Terms of Use

Chad’s TechnoWorks My Journal On Technology

Information Technology

Checkpoint VPN SSL Network Extender Not Working After Windows, Mac OS, Java or Firefox Update


Remote access to office computers is common nowadays especially for those that work in the IT division. The popular Checkpoint VPN used for secure access to corporate network uses Active X (Windows) or Java Applet (Mac) for its SSL Network Extender. It can be a pain when a regular system update to your browser or java or Windows would break your VPN client.

Here's a compilation of some the experiences I had and their fix. This will be my ever evolving document as Checkpoint would try to catch up with fixes for each system patch update.


WINDOWS SYSTEM PATCH

Symptoms: IE browser won't display the VPN page.

Avoid installing the following Windows Security Updates:

KB2992611, KB3042058, KB2585542


If these are already installed, proceed to uninstall these from control panel -> system -> windows update -> installed updates.



FIREFOX UPDATE (Mac OS)

Any version beyond 51.0.1 will cause the Checkpoint VPN not to work.

Download and install either the version 51.0.1 or the extended support 45.9.0

Before uninstalling Firefox and you determined that you also have an incompatible Java versions (JDK 7u51,JDK 8u131), make sure to uninstall the java applet plugin per the instructions: Firefox Plug-in Uninstall



Firefox 45.9.0 ESR Download

Windows7 32-bit

Windows7 64-bit

Mac OS

Linux 64-bit



Firefox 51.0.1 Download

All OS Versions: Mozilla FTP



JAVA UPDATE

Known incompatible Java versions that prevents the VPN from launching the Java applet: Java 7u51, Java 8u131


Solution: Downgrade Java

1. Uninstall Java

MacOS Uninstall Instructions

Windows Uninstall Instructions

Windows Registry Clean-up After Java Uninstall


2. Install The Latest Supported Java

Java JDK8u121 Download


Once you got the supported versions installed, set your Java and firefox not to do an auto update.

 

MacOS: Disable Java auto update

System Preferences -> Java (located at the bottom)

From the Java Control Panel, select Update tab and disable the Check Updates Automatically.

 

Disable Firefox auto update:

MacOS: Firefox Preferences -> Advanced -> Update tab -> [x] Never Check For Update


Alternative Solution:

If things still not working well or you rather have the latest Java version installed for security reasons, you may try to add your VPN URL in the exception list.


Windows Exception Instructions

Control Panel -> Programs -> Java

At Security Tab, edit the Exception Site List to add your VPN site (i.e. https://vpn.mydomain.com:8080).


Mac Exception Instructions

System Preferences -> Java (located at the bottom)

At Security Tab, edit the Exception Site List to add your VPN site (i.e. https://vpn.mydomain.com:8080).

FIREFOX SELF SIGNED CERTIFICATE EXCEPTION FAILURE


You may have Self-Signed Certificates used internally by you workplace and your browser doesn’t provide exceptions, you need a lower version of Firefox to make it work.


Firefox 45.9.0 ESR Download

Windows7 32-bit

Windows7 64-bit

Mac OS



Skip Add-on:

Tired of clicking the Certificate Exception Page?

Enable the Skip Certificate Error Add-on To Always Accept Self-signed Certs.

Warning: By doing this allows you to be exposed to websites with untrusted Cert Authority. Make sure that your computer and browser is only used for corporate internal network and not to browse the internet!


From your firefox browser, enter the following URL to install the add-on:

https://addons.mozilla.org/en-US/firefox/addon/skip-cert-error/

If patches was applied to the VPN server to address the Java issue and the client is still unable to connect, try forcing a re-download of the SNX client:


1. Delete CSHELL.JAR file from the cache (Temporary Files) in the Java Control panel

2. Connect to SNX gateway again to force a re-download of the SNX client