Support Center > Search Results > SecureKnowledge Details
File Shares using SMBv2/SMBv3 cannot be accessed using the Mobile Access Blade File Share application Technical Level
Symptoms
  • Mobile Access File Share fails to connect to server using SMBv2/SMBv3 only.
  • Mobile Access Blade gateway attempts to connect to the server using SMBv2/SMBv3 and the connection is rejected.
Cause

Mobile Access blade File Share applications does not support SMBv2 and SMBv3, by default.

Background: As per Wikipedia, Server Message Block (SMB), one version of which was also known as Common Internet File System (CIFS) operates as an application-layer network protocol mainly used for providing shared access to files, printers, and serial ports and miscellaneous communications between nodes on a network.

Per Microsoft from 2016: "SMB 1.0 is deprecated. Once this is removed, systems running Windows XP or Windows Server 2003 (or older) operating systems will not be able to access file shares. SMB 1.0 has been replaced by SMB 2.0 and newer versions." Therefore, if using SMBv1 for file-sharing, users might experience issue with accessing resources. Unless drops are specifically seen in traffic capture on gateway this is a non-Check Point issue.

https://docs.microsoft.com/en-us/previous-versions/windows/it-pro/windows-server-2012-R2-and-2012/dn303411(v=ws.11)?redirectedfrom=MSDN


Solution

All Mobile Access blade versions on Security Gateways R80.30 3.10 and R80.40 and above support SMB v2/3.

Note: The default SMB version in the newer gateways is still '1.0'

SMB v2/3 support adds two attributes in $CVPNDIR/conf/cvpnd.C file:

Attribute Name Default Value Description 
:FileShareDefaultSmbVersion ("1.0")  The default SMB version.
:FileShareAppNameToSmbVersion () List of File Share application names and the SMB version to use. The default version indicated in FileShareDefaultSmbVersion is used for File Share apps that are not listed here. 


Configuration instructions for SMB v2/3 Mount Support for Mobile Access Blade:

  1. Back up the $CVPNDIR/conf/cvpnd.C file. 
  2. To change the default SMB version, run: cvpnd_settings $CVPNDIR/conf/cvpnd.C set FileShareDefaultSmbVersion "<version>"
  3. To change the SMB version for a specific File Share application, run: cvpnd_settings $CVPNDIR/conf/cvpnd.C listAdd FileShareAppNameToSmbVersion "<FileShare app name> : <version>" 
  4. For the changes to take effect, run: cvpnrestart
  5. In case of a cluster setup, repeat the procedure above for all cluster members.
This solution has been verified for the specific scenario, described by the combination of Product, Version and Symptoms. It may not work in other scenarios.

Give us Feedback
Please rate this document
[1=Worst,5=Best]
Comment