Troubleshoot the Check Point integration

No response to sslVPN URL

If the browser gets no response from the sslVPN URL, it may be a network connection issue.

On the gateway, use the show route and ping commands to display network connectivity information:

Unable to connect to web server in private network

The VPN connection is working, but you are unable to connect to the web server in the private network.

Possible solutions:

  • Check the network routing for the web server.
  • Ensure the VPN communities setting contains this private network.

Cannot SSH

If you have issues accessing the terminal using SSH, open the admin web page.

General troubleshooting

Go to SmartConsole > Logs & Monitor. Select one of the predefined queries, such as Query > Access > Mobile Access > All.

User is unauthorized

If you get an unauthorized user error message, check the policy, and verify the RADIUS group setting and the group attribute.

In FreeRADIUS, you can use tcpdump to check whether the group attribute number matches the one configured in Check Point (default 25). If you are using Windows, you can use Wireshark to capture the packets instead. For example:

$ sudo tcpdump -i eth0 -vv port 1812 or port 1813 or port 3799
…
Access-Accept
……
Class Attribute (25)    <------ (here, RADIUS returned the group using attribute number 25)

To check Check Point RADIUS group attribute values:

  1. Open GuiDBedit.
  2. Click Global Properties, firewall_properties.
  3. Scroll to radius_groups_attr.
For example: