Support Center > Search Results > SecureKnowledge Details
Applications that use IPv4-mapped to IPv6, are not supported with SNX in Application Mode
Symptoms
  • Applications under SNX in Application Mode fail to reach encryption domain.

  • Applications under SNX in Application Mode reach encryption domain, but directly and not through the SSL tunnel.

Cause

SNX in Application Mode does not support IPv6 and does not support IPv4-mapped to IPv6.


Solution

No fix is required; the system is functioning as designed.

 

Since R77.20, by default, IPv6 connections and IPv4-mapped to IPv6 connections will go directly to destination and not through the SSL tunnel, even if it is destination in the encryption domain.

 

In order to enhance the security, SNX user can change the default behaviour for such connections to be dropped.

In Windows Registry, set the decimal value of the following DWORD 32 key to 11:

HKEY_CURRENT_USER\Software\Checkpoint\SSL Network Extender\parameters\DropIpv6

This solution has been verified for the specific scenario, described by the combination of Product, Version and Symptoms. It may not work in other scenarios.
Applies To:
  • 01244809 , 01294173 , 01353737 , 01386596

Give us Feedback
Please rate this document
[1=Worst,5=Best]
Comment