Mobile Access blade File Share applications does not support SMBv2 and SMBv3, by default.
Background: As per Wikipedia, Server Message Block (SMB), one version of which was also known as Common Internet File System (CIFS) operates as an application-layer network protocol mainly used for providing shared access to files, printers, and serial ports and miscellaneous communications between nodes on a network.
Per Microsoft from 2016: "SMB 1.0 is deprecated. Once this is removed, systems running Windows XP or Windows Server 2003 (or older) operating systems will not be able to access file shares. SMB 1.0 has been replaced by SMB 2.0 and newer versions." Therefore, if using SMBv1 for file-sharing, users might experience issue with accessing resources. Unless drops are specifically seen in traffic capture on gateway this is a non-Check Point issue.
All Mobile Access blade versions on Security Gateways R80.30 3.10 and R80.40 and above support SMB v2/3.
Note: The default SMB version in the newer gateways is still '1.0'
SMB v2/3 support adds two attributes in $CVPNDIR/conf/cvpnd.C file:
Configuration instructions for SMB v2/3 Mount Support for Mobile Access Blade:
- Back up the $CVPNDIR/conf/cvpnd.C file.
- To change the default SMB version, run: cvpnd_settings $CVPNDIR/conf/cvpnd.C set FileShareDefaultSmbVersion "<version>"
- To change the SMB version for a specific File Share application, run: cvpnd_settings $CVPNDIR/conf/cvpnd.C listAdd FileShareAppNameToSmbVersion "<FileShare app name> : <version>"
- For the changes to take effect, run: cvpnrestart
- In case of a cluster setup, repeat the procedure above for all cluster members.
This solution has been verified for the specific scenario, described by the combination of Product, Version and Symptoms. It may not work in other scenarios.