4 Replies Latest reply: Oct 29, 2007 1:12 PM by Dan Hamm
Dan Hamm Level 2 Level 2 (245 points)

I've googled this topic and searched through these forums, but almost ALL the threads I pull up are several years old (as in: 2004, 2005, etc.) At that time, there appeared to be several issues with connecting to Checkpoint.

I got approval to use my own MacBook at work instead of the old T42 the company gave me. My question is on the VPN: they use a Checkpoint VPN-1 Client for their Windows laptops. Will the built-in VPN client in Tiger effectively take the place of this for my MacBook?

If not, Checkpoint has a Mac OS X client - but I have found no thread on how well it works. Does anyone have any experience with it?

Thank you in advance for any guidance you can give me.

MacBook, Mac OS X (10.4.10), 2.16 Ghz, 2 GB, 160GB HDD, Superdrive
  • j.v. Level 5 Level 5 (4,155 points)
    I don't think so. My work uses Checkpoint VPN-1 (Certificates) as well. It is chiefly a Windoze shop but they tolerate a handful of Mac users. My IT guy gave me a copy of VPN Tracker 4.9 to use on my home desktop computer. It works.

    Checkpoint also has their own Mac client that I believe is free download but you use it with one of those key fobs that you push the button and it kicks out a four digit code that you append onto the tailend of your user PIN. I don't know enough about the VPN server side to know how, at the server level, you enable what methods of access. But both the Certificates method and the "key fob" method works on our Checkpoint VPN -- we have to use the key fob version on our laptops. See if your company management and IT Dept would look into one or the other of those for you, depending on how they have their Checkpoint VPN configured.
  • j.v. Level 5 Level 5 (4,155 points)
    PS - one of my coworkers did run into a minor little configuration problem with the Checkpoint client -- but between him and the IT guy, they got it worked out. The guy's a tech writer, so he wrote up a small ≤1-pager about what he had to do to get the Checkpoint client to work. This is what he wrote up:

    his email to me:
    Maybe this has happened to you. I was stumped as to why my MacBook was not visible/pingable/accessible by other computers at (our work), or in my home network.

    It turns out the problem was with the VPN client, Check Point SecureClient, which (our IT guy) is installing on Mac laptops these days.

    The resolution turned out to be simple. I've attached a couple of paragraphs with graphics about how to work around the problem.

    the attached document without the graphics:
    Check Point comes with a firewall that by default is active even when you are not connected via VPN or knowingly running Secure Client. But actually, you are running Secure Client in the background as soon as you boot up. You can tell by its colorful little icon of teal padlock, gold key, and red "X" icon that appears in the menu bar.

    {picture of his menubar was here}

    You can access other machines from your laptop with Check Point running, but other machines cannot see or access your laptop. Unless, you turn off the Check Point firewall.

    1. Click the Check Point icon.
    2. Select Tools > Disable Security Policy.

    The teal padlock part of the Check Point icon disappears.

    {picture of his menubar with different-looking Checkpoint icon was here}

    It looks like the security policy (firewall) stays turned off if you reboot. However, I haven't tested what happens when you actually try to connect to VPN. Connecting might re-activate the firewall.

    So there you have it.
  • Mike_Alexander Level 1 Level 1 (0 points)
    I have the same issue (with other machines not being able to access my Mac when the SecureClient software was installed). I also found the same solution (i.e. selecting "Disable Security Policy" from the SecureClient->Tools menu. However, when I reboot, the security policy is enabled again. Does anyone know of a way to have the security policy disabled by default?

    BTW, the release notes for the Mac version include some handy instructions for stopping the SecureClient software launching for every user when they log in (the background daemons are still running though). Check out the FAQ at the end of the release notes for details.
  • Dan Hamm Level 2 Level 2 (245 points)
    No longer an issue.