Video Screencast Help

SEP MR1 vs CheckPoint VPN

Created: 16 Jan 2008 • Updated: 22 May 2010 | 20 comments
We've been running SEP (pre MR1) for a few months successfully but MR1 seems to have some issues when CheckPoint VPN client is installed.
 
1) SMC CMC Crashes every boot up and frequently afterwards. Either it crashes with an error message, or the service crashes and restarts, or network traffic suddenly stops
 
2) The clients connect to the SEPM server but after a couple of minutes lose their connection and don't get it back until SMC is restarted.
 
If CheckPoint is removed, all the problems go away, but we use it a lot for VPN. I have an open support call with Symantec already but was wondering if anybody else has experienced this issue and if they have a workaround/fix?
 
Thanks,
David



Message Edited by RF1_DavidC on 01-16-2008 07:01 PM

Message Edited by RF1_DavidC on 01-16-2008 07:05 PM

Comments 20 CommentsJump to latest comment

MustangGT's picture
We have an active case with Symantec on this issue.  Fortunately, we're testing the thin web client.
CHutchins's picture
Same problem here.
I noticed in the MR1 notes it mentioned fixing a compatability problem with the Checkpoint VPN Client.
We're running MR1 and still have this problem.
 
Does anyone have a workaround? Is there a way to run without the Smc service?
Felix W.'s picture

Same problem here with Check Point VPN-1 SecureClient and SEP MR1. Lost connection, reconnect, SMC.EXE crashed and so on.

Vision's picture
We have the same problem on computers with SEP client when we use Checkpoint SecureRemote VPN and also Vodafone Mobile Client software are unable  to create profiles and RAS refuses to work properly.
 
Does anyone have a solution beside remove SEP?  
CHutchins's picture
Does anyone know if it's possible to work around the problem by installing the SEP client in unmanaged mode?
Michal's picture
Hi,
 
Exactly the same problem, after install MR1: smc suddenly shut down,restart, and all network traffic is blocked. I've heard that probably conflict with VPN client will be fixed in MR2 , which release is scheduled on April 08.
rw's picture
I've been having a similar issue:
 
Vista Ultimate 32bit on a Dell M1710
Integrated Broadcom NIC
Intel Wireless NIC
Sonicwall GVC ver4
 
Here is what I have noticed so far:  If I install the SEP Client on the laptop in the temporary group, everything seems to stay stable.  Even with Sonicwall GVC and both NICs enabled and active.  Rebooted 5 times to test and still stable. 
 
As soon as I moved the laptop to a group that had more than one location setup it screwed SEPC up.
 
I moved the laptop back to a group with only one location.  Then, I unplugged the power cord on the laptop so the hard wired NIC would be disabled.  Held down the power button for 10-15 sec. 
 
Powered back on the laptop, logged in and saw that the SEP Client loaded OK and the wireless connection connected just fine.  I launched the Sonicwall GVC and connected to our corp network.  Told the SEP Client to update policy (to see the change to a new group).
 
Rebooted the laptop with both hardwired and wireless connection connected and enabled.  SEP Client loads fine and both connection connect without a problem.
 
What I don't understand is how the SEP client determines what policies to apply to which active network connections (multiple simultaneous connections that is).  
 
My laptop is only stable with one location and one set of policies.  I only have a problem when I setup Multiple location in the SEPM. 
 
Anyone else notice this?



Message Edited by rw on 01-24-2008 11:37 AM

Message Edited by rw on 01-24-2008 11:42 AM

MJ8088's picture
Has anyone tried adding Centralized Exceptions either for the CP folders or perhaps the CP process themselves? This should prevent IPS/NTP/PTS from killing the services.
 
Just a thought since you will be waiting awhile from Symantec support. They are so bogged down I go days without hearing from them.
 
 
Jeferson Propheta's picture

no way, neither with the exclusions (Folder and Process), there is no way for boths coexist.

Versions
SecureClient -  R60-191
SEP: 11.0.1000.1375

DW1 IT Department's picture
I have the same issue!!
 
Does Symantec fix the problem or do they want that everyone has to uninstall checkpoint client!!
 
Can someone from Symantec answer this problem --> if they are working or it??
 
Would be fine for my 30 clients without antivirus software because they have checkpoint!!!
 
 
ukDavidC's picture
It seems that the problem *might* be fixed with MR2, due towards the end of April. We aren't able to roll out to everyone until thats about and our problem is fixed due it being a major issue.

Please don't forget to mark your thread solved with whatever answer helped you : )

GrahamA's picture
Hi all,
 
We did indeed fix a compatibility issue between the SEP client and Checkpoint SecureClient in MR1. Unfortunately another issue came up and is scheduled to be fixed in our upcoming MR2 release.
 
We're hoping to provide a beta of MR2 for external testing soon, so hopefully those currently affected by compatibility issues on this thread can test drive and confirm for us that MR2 does indeed resolve the issue.

GrahamA Product Management, Symantec Security Solutions

TTassos's picture
Thanks GrahamA for the update.  We will be watching for updates on this issue. I also have a client with these symptoms.
DW1 IT Department's picture
Good morning!
 
My problem it that notebooks with checkpoint CAN'T work with Endpoint MR1 on it!
SMC.EXE is running on 100% and you are not able write a simple word file!!
Waiting for MR2 is no solution for me!
What can i do that the clients can work (with endpoint and with checkpoint)???
 
Thank you are
DW1 IT Department's picture
Good morning!
 
My problem it that notebooks with checkpoint CAN'T work with Endpoint MR1 on it!
SMC.EXE is running on 100% and you are not able write a simple word file!!
Waiting for MR2 is no solution for me!
What can i do that the clients can work (with endpoint and with checkpoint)???
 
Thank you are your
DW1 IT Department's picture
Good morning!
 
My problem it that notebooks with checkpoint CAN'T work with Endpoint MR1 on it!
SMC.EXE is running on 100% and you are not able write a simple word file!!
Waiting for MR2 is no solution for me!
What can i do that the clients can work (with endpoint and with checkpoint)???
 
Thank you are your answer GrahamA!
Eduardas's picture
Hello there to all "Beta testers". We made a support call on the subject as well. After hours of testing (along with Symantec technician, remote desktop sessions, etc.) all we came to was the answer it is going to be fixed with next version. It would be nice to know anyway if MR1 is worth installing or do we still have to wait for MR2. I mean if particulary an issue of client server connectivity has been resolved (I do not use network and proactive protection features anyway). We still have Symantec Antivirus 10 in production (working very well by the way) on those checkpopint notebooks, but upgrade should be done sooner or later because we PAID for it.
DW1 IT Department's picture
Does anybody know if the issue is solved in MR2???
Eduardas's picture
Yes, the problem has been resolved in MR2, it is also mentioned in readme. We have tested and I can at least confirm that connectivity issue has been solved. The only thing you should really avoid is setting long (8 or more chars) encryption password (the one that has to be set during installation on Endpoint protection mgr). By the way, we have also upgraded from MR1 to MR2 without any troubles. I feel quite comfortable to start deploying MR2 into production.