Support Center > Search Results > SecureKnowledge Details
"Cannot establish connection to SSL Network Extender gateway. Try to reconnect." error when connecting with SSL Network Extender on VSX after installing the "TLS 1.2 Hotfix for R77.30" Technical Level
Symptoms
  • "Cannot establish connection to SSL Network Extender gateway. Try to reconnect." error when connecting with SSL Network Extender (SNX) to Mobile Access Portal on R77.30 VSX Virtual System in the following scenario:

    1. Installed "TLS 1.2 Hotfix for R77.30" from sk107166 - TLS1.2 Support Plan for Check Point Products on R77.30 VSX Gateway / VSX Cluster
    2. In SmartDashboard: set the lowest TLS version for portals to either "TLS1.1", or "TLS1.2" and installed policy
      (Policy menu - click on Global Properties... - go to SmartDashboard Customization pane - click on the Configure... button - go to Portal Properties - in the snx_ssl_min_ver field, select either "TLS1.1", or "TLS1.2" - click on OK)
    3. On SNX client Windows-machine: Internet Explorer - Tools menu - Internet options - Advanced tab - checked either the "Use TLS 1.1", or the "Use TLS 1.2" box
  • SSL Network Extender (SNX) is able to connect to Mobile Access Portal on this VSX Gateway / VSX Cluster only if:

    • "TLS 1.0" is selected in SmartDashboard
    • "Use TLS 1.0" is selected in Internet Explorer on SNX client
  • Different versions of Mobile Access SNX Client are installed in the context of VS0 (VSX Gateway itself) and in the context of the involved Virtual System:

    • /opt/CPcvpn-R77/htdocs/SNX/CSHELL/snx_ver.txt file shows version 800008005
    • /opt/CPcvpn-R77/CTX/CTX0000<VSID>/htdocs/SNX/CSHELL/snx_ver.txt file shows version 800007102
Cause

The hotfix installation script did not copy the required Mobile Access SNX Client files from the context of VS0 (VSX Gateway itself) to the contexts of the involved Virtual Systems.


Solution
Note: To view this solution you need to Sign In .