The information you are about to copy is INTERNAL!
DO NOT share it with anyone outside Check Point.
Remote Access client with enforced SCV intermittently loses access to internal resources
Endpoint Security VPN
R80.20, R80.30, R80.40, R81
Remote Access client with enforced SCV loses access to internal resources intermittently. Access is restored by disconnecting and reconnecting to the VPN.
SmartConsole logs show frequent "No scv status from client..." drop logs for the affected users.
The issue begins after the user attempts to access an internal resource, where the Security Gateway performs Static NAT on the destination IP address.
Kernel debug shows an ICMP type 3 code 3 message with the source address of the NAT IP address of the internal resource. Destination of the Remote Access client's Office Mode IP address is being dropped with action "VANISH": fw_log_drop_ex: Packet proto=1 X.X.X.X:771 -> 172.16.10.1:32678 dropped by fw_first_packet_state_checks Reason: ICMP error does not match an existing connection;
fw_handle_first_packet: first packet state violation (action=VANISH);
The dropped ICMP error indicates an issue with the SCV keepalive packet. When this happens, the gateway cannot validate the client's compliance status, so the user loses access to internal resources.