VPN client stops working in visitor mode after major update


Yesterday I looked at a Checkpoint VPN Secure Client issue. After an upgrade from NGX R65 to R70, the VPN client doesn't connect when Visitor mode is enabled. The moment you disable Visitor mode, the same client connects to the same firewall just fine. This happens often, so I am bringing it up here. Actually, I see it as an "it is a feature, not a bug" case: after major upgrades to the firewall, the listening port of the Management WebGUI (the one you use after a fresh install to run the wizard) is reset to its default value of 443. This, in turn, prevents any other daemon/service from listening on this port, so Visitor mode (I guess also SSL Extender) will not work. To fix it, you just change the listening port for the WebGUI. Now let's get to SSH. To see the problem:

[Expert@fw]# lsof -i -n | grep https

    cp_http_s  1864 nobody   11u  IPv4   14977       TCP *:https (LISTEN)

To fix the problem:

[Expert@fw]# webui disable

    Shutting down cp_http_server_wd:                           [  OK  ]

[Expert@fw]# webui enable 4445

    Running cp_http_server_wd:                                [  OK  ]

Now the WebGUI will be listening on port 4445, and vpnd, as it should, will be listening on 443:

[Expert@fw]# lsof -i -n | awk '/https/ || /4445/'

    vpnd       3564   root   26u  IPv4 29060053       TCP *:https (LISTEN)
    cp_http_s 10300 nobody    5u  IPv4 29100889       TCP *:4445 (LISTEN)
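
A check you can rerun after future upgrades, as an added example that is not part of the original post: it reads `lsof -i -n` output and reports which process holds TCP 443. The function name `classify_443` and the result labels are made up for illustration; the sample lines are the two outputs shown above.

```shell
#!/bin/sh
# Added example, not from the original post.
# classify_443 reads `lsof -i -n` output on stdin and prints one of:
#   webui_conflict  cp_http_s (WebGUI) listens on 443, Visitor mode is blocked
#   ok              vpnd listens on 443
#   other:<name>    some other process holds 443
#   none            nothing listens on 443
classify_443() {
    awk '
        # LISTEN sockets only; lsof prints port 443 as "https" unless -P is used,
        # so accept both. The anchored match does not hit 4445 or 8443.
        $NF == "(LISTEN)" && $(NF-1) ~ /:(https|443)$/ {
            if ($1 ~ /^cp_http_s/)  webui = 1      # name is truncated by lsof
            else if ($1 == "vpnd")  vpnd = 1
            else if (other == "")   other = $1
        }
        END {
            if (webui)            print "webui_conflict"
            else if (vpnd)        print "ok"
            else if (other != "") print "other:" other
            else                  print "none"
        }
    '
}

# lsof output as shown in the post, before the fix ...
BEFORE='cp_http_s  1864 nobody   11u  IPv4   14977       TCP *:https (LISTEN)'
# ... and after moving the WebGUI to port 4445.
AFTER='vpnd       3564   root   26u  IPv4 29060053       TCP *:https (LISTEN)
cp_http_s 10300 nobody    5u  IPv4 29100889       TCP *:4445 (LISTEN)'

check() {  # usage: check <label> <lsof-text>
    printf '%s: %s\n' "$1" "$(printf '%s\n' "$2" | classify_443)"
}

check before "$BEFORE"
check after "$AFTER"
# On a live gateway: lsof -i -n | classify_443
```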
