When using an ActiveSync app on an iOS connected to R76 / R77 Security Gateway, multiple sessions could be established for each user

Support Center > Search Results > SecureKnowledge Details

Technical Level

Solution ID	sk96686
Technical Level
Product	Mobile Access / SSL VPN
Version	R76, R77
Platform / Model	All
Date Created	12-Nov-2013
Last Modified	26-May-2014

Symptoms

When using an ActiveSync app on an Android phone or an iPhone, multiple sessions could be established for each user.
Check Point Mobile clients take more than one seat per license count on Security Gateway.
Output of 'listusers' command shows the same user and user's IP address several times.

$CVPNDIR/log/cvpnd.elg (under debug) shows a mismatch between login name and the DN on the certificate:

.............
[SESSION] [CVPN_WARNING] Cvpn::SessionManager::isSessionValidForCreds: Username mismatch: current username: 'UserName', username stored on session: 'FirstName LastName'
[SESSION] [CVPN_WARNING] Cvpn::SessionManager::getSessionByDeviceID: sessionID (...) not valid for creds gived by user (UserName)

Affected versions: Mobile Access Security Gateways R76, R77.
For R75.X, refer to sk68120.

Cause

The problem is with the ActiveSync feature - not with Check Point Mobile.

Phone certificate differs from user login name, so every time ActiveSync is initiated, a new authentication session is created.

User CN (and the fullname attribute from the LDAP) is the person's full name, whereas in Check Point, the CN is only the username.

Solution

Note: To view this solution you need to Sign In .