Support Center > Search Results > SecureKnowledge Details
"Cannot establish connection to SSL Network Extender gateway. Try to reconnect" message when trying to connect via SNX after firmware was upgraded to R77.20.51 (or higher) Technical Level
Symptoms
  • After upgrade to R77.20.51 or higher on a locally managed appliance, SNX Remote Access Users cannot connect.

  • SNX Remote Access users get the error message "Cannot establish connection to SSL Network Extender gateway. Try to reconnect".

Cause

In R77.20.51, the default cryptography protocol used by remote access users is TLSv1.2, as previous versions contain numerous potential security weaknesses.

There is a new SSL Network extender that supports TLSv1.2, but users must first uninstall their previous extender and then download the new one the next time they connect to SNX.


Solution

The recommended solution for users:

  1. In the Windows OS, go to the "Programs and Features" list.

  2. Search for "Check Point SSL Network Extender".



  3. Uninstall this program.


    Note: The next time the user connects, he is asked to install the new extender that the new firmware downloaded from the cloud.


If the problem persists, it may due to a problem with the deletion of the previous extender in the appliance.

To force the appliance to delete its existing extender and download the latest version (that supports TLSv1.2) from the cloud, select one of these options:

  • Run the clish command: delete ssl-network-extender
  • Run this Linux command in Expert mode: rm -r /storage/extender


Note - An administrator can revert the cryptography protocol to an older version and eliminate the need to uninstall the extender in each end-user desktop: 
Go to Device > Advanced Settings and search for the advanced setting of "Minimum TLS version support in the SSL VPN portal". This is not recommended as it poses a security risk.

Give us Feedback
Please rate this document
[1=Worst,5=Best]
Comment