Checkpoint Endpoint Security Failed To Topology
I use both the Apple VPN client (L2TP over IPSec in Network preferences) and Checkpoint Endpoint Security client to connect to work.
I installed Yosemite last night and today I can not connect to work using VPN. It connects to the server but fails.
This section shows the Remote Access VPN Workflow. Start at the top, with Create Security Gateway and define Security Gateway properties, and trace a route down to Install policy. Sections following the chart detail step-by-step procedures for each phase. Mar 12, 2010 - Check Point`s Endpoint Connect software provides a number of client side. Endpoint Connect fails to connect to NGX R65 Security Gateways that are. Security Management server with error: 'failed to download topology'.
The Checkpoint software gives a bit more feedback: 'Connection Failed: Enforce Firewall Policy failed'. This occurs after authentication of my username/password.
Both clients work fine on my MacBook which still has Mavericks.
Suggestions?
Mac mini, OS X Yosemite (10.10)
8 Answers
I think the unerlying issue is that Yosemite will not load kext (kernel extensions) unless they are signed by an authorized kernel extension developer. However in 10.8 and earlier, kexts could not be signed and signed kexts for 10.9+ will not load in <10.9.
I experienced the same issue loading unsigned tuntaposx for the vpnc cisco client.
You can override this behavior and allow the cpfw.kext to load in Yosemite by putting your computer into kext developer mode. This essentially reverts to the 10.9 behavior by allowing unsigned kexts to load.
Now reboot and your kext should load.
You can revert by doing this:
According to the debug logs this is related to a problem with loading /System/Library/Extensions/cpfw.kext
Deleting the site and re-creating it does not fix this problem.
Uninstalling and re-installing the Check Point Endpoint Security client (version E75.01) worked for me too and I am using a static IP (not DHCP) on my mac mini.
Note about uninstalling the Endpoint Security client E75.x and newer: Open the original DMG package you used to install the client and launch the Uninstaller shown. If you get an error message about your security settings not allowing non-appstore apps or untrusted applications from launching, hold down the Control key and then click on the Uninstaller. Selecting Open at this point will allow the Uninstaller to run.
I did confirm the uninstall removed and the reinstall did create a new /System/Library/Extensions/cpfw.kext file. I did not have to reboot but note I did shutdown the client before running the uninstaller.
However this may be a temporary fix as there is a Checkpoint Forum entry about another person who has also encountered this problem and has fixed it by uninstalling and installing but on a reboot the problem came back for them. That person tried versions E80.41 and E80.42. See https://forums.checkpoint.com/forums/thread.jspa?threadID=21491&tstart=0
Another Check Point Mac VPN Yosemite thread is reporting similar issues where some claim their client still works after a reboot but others, including the author of the above thread, who continue to see the problem return after a reboot: https://forums.checkpoint.com/forums/thread.jspa?threadID=21181&tstart=0
Version 80.60 has been released by Checkpoint. It works for me so far.
Download from: Endpoint Security VPN for Mac E80.60
Brian's answer regarding kext developer mode also worked.
I set my Wifi to DHCP instead of static IP, then VPN worked for me.
I completly removed Check Point Endpoint Security client (version E80.42), rebooted computer and installed it again. Now it works ok. My WiFi is getting IP from router via DHCP.
I just re-installed Endpoint Security E75.01 after closing it (not un-installing it) and it worked correctly again.
Same thing is happening here. L2TP VPN fails if I have a static IP. If I switch to DHCP it works. I'm connecting to a Sonicwall NSA4500.
Fun bug, Apple. Hope it gets resolved in 10.10.1.
I tried the suggested solutions and they did not correct my issue. I reinstalled Yosemite to get my Apple IPSec client to work. The issue returned so I also turned off automatic updates for the OS and all applications. So far the issue has not returned for a third visit.
As of Yosemite 10.10.2 it seems Apple fixed the bug.
Checkpoint Endpoint Agent
You must log in to answer this question.
protected by Community♦Oct 20 '14 at 3:07
Thank you for your interest in this question. Because it has attracted low-quality or spam answers that had to be removed, posting an answer now requires 10 reputation on this site (the association bonus does not count).
Would you like to answer one of these unanswered questions instead?
Not the answer you're looking for? Browse other questions tagged vpnyosemite .
Hello all,i am using a Checkpoint R6 HFA_70 Cluster with a lot of VPN Clients.
The most of them are Secure-Client-Users, which works fine.
I am trying to have a coexistence with Endpoint Connect because i have 2 Users with Windows 7 / 64 Bit. I created a Client like described in the manual and updated the connectra plugin on smartcenter and both firewall-boxes. After that i installed the policy.
SecureClient still works fine.
Endpoint Connect terminates with 'Failed to download Topology' Message.
Any ideas how to solve this?
regards
Cannot Uninstall Checkpoint Endpoint Security
bytesleuth