I have released an update to this blog post: See CheckPoint SNX install instructions for major Linux distributions
Life has conspired to bring me back to the open arms of Kubuntu, and with a new install comes the required update on getting Checkpoint Firewall, AKA SNX, working. This is part of the snx series here.
The first step remains the same: get your username, password and IP address or host name of your snx server from your local administrator. Once you have those, you can log in and then press the settings link. This will give you a link to the various different clients. In our case we are looking for the “Download installation for Linux” link. Download that and then run it with the following command.
# sh +x snx_install.sh
Installation successfull
If you run snx now you will get the error
snx: error while loading shared libraries: libpam.so.0: cannot open shared object file: No such file or directory
We can check whether the required libraries can be found.
# ldd /usr/bin/snx | grep "not found"
libpam.so.0 => not found
libstdc++.so.5 => not found
This is the 64-bit version and I’m installing a 32-bit application, so you’ll need to install the 32-bit libraries and the older version of libstdc if you haven’t already. The old trick of simply installing ia32-libs will no longer work since MultiArch support has been added. Now the command is simply
apt-get install libstdc++5:i386 libpam0g:i386
You should now be able to type snx without errors. All that remains is to accept the VPN Certificate by logging in via the command line and pressing “Y”.
user@pc:~$ snx -s my-checkpoint-server -u username
Check Point's Linux SNX
build 800007075
Please enter your password:
SNX authentication:
Please confirm the connection to gateway: my-checkpoint-server VPN Certificate
Root CA fingerprint: AAAA BBB CCCC DDD EEEE FFF GGGG HHH IIII JJJ KKKK
Do you accept? [y]es/[N]o:
Note the build number of 800007075. I had difficulties connecting with any version lower than this.
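The library check and package install steps above can be combined into one helper. This is an added example, not part of the original post: the function names and the sample ldd output are constructed, and only the two library-to-package pairs named in the post are mapped.

```shell
#!/bin/sh
# Added example: turn "not found" lines from ldd into the apt-get command
# from the post. Real use: ldd /usr/bin/snx | suggest_install

# Constructed sample of ldd output for a 32-bit binary on a 64-bit system.
SAMPLE_LDD='    linux-gate.so.1 (0xf7f1e000)
    libpam.so.0 => not found
    libstdc++.so.5 => not found
    libc.so.6 => /lib/i386-linux-gnu/libc.so.6 (0xf7d2a000)'

# Print the sonames that ldd marks as "not found", one per line.
missing_libs() {
    awk '$2 == "=>" && $3 == "not" && $4 == "found" { print $1 }'
}

# Read ldd output on stdin and print the install command for the missing
# libraries. Libraries without a known package are reported on stderr
# instead of being guessed at.
suggest_install() {
    pkgs=""
    for lib in $(missing_libs | LC_ALL=C sort -u); do
        case "$lib" in
            libpam.so.0)    pkgs="$pkgs libpam0g:i386" ;;
            libstdc++.so.5) pkgs="$pkgs libstdc++5:i386" ;;
            *) echo "no known i386 package for $lib" >&2 ;;
        esac
    done
    # Print nothing when every library resolved.
    if [ -n "$pkgs" ]; then
        echo "apt-get install$pkgs"
    fi
}

# Demonstration on the constructed sample.
printf '%s\n' "$SAMPLE_LDD" | suggest_install
```

The command is only printed, not executed, so it can be reviewed before running it as root.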
Ken, I’ve only managed to find 800007027; no sign of 800007075. Can you do everyone in the world a huge favour and identify the correct Checkpoint support site download link? I’ve hunted through their search tool for 2 hours without identifying which download is correct.
Hi Lukeab,
I got this version from our IT department and I’m not allowed to distribute it. Sorry. This is what RMS means about not being able to help a neighbour.
Ken.
Ahh, thanks for explaining that Ken, I’ll have to badger our IT department to get what I can.
The latest I could find available for download so far is 800007058, which I found in a comment to an AUR package https://aur.archlinux.org/packages/snx/
It was interesting the comment said
Good evening –
I have tried following your steps and everything seems fine until I hit [Y]:
——————————-
root@PC:~# snx -s my-checkpoint-server -u username
Check Point’s Linux SNX
build 800007097
Please enter your password:
SNX authentication:
Please confirm the connection to gateway: my-checkpoint-server VPN Certificate
Root CA fingerprint: AAAA BBB CCCC DDD EEEE FFF GGGG HHH IIII JJJ KKKK
Do you accept? [y]es/[N]o:
y
SNX: Authentication failed
——————————-
I get the proper connection gateway information, but then I get authentication failed. My password is right as I am able to log in via a Windows OS browser using Mozilla Firefox.
Can someone shed some light on why I may be having this issue? Let me know if you need some specific details…
Thank you,
Anthony I.
You must use version “build 800007075”
Ken
This is bullshit. He tells you to occupy only a specific version, which doesn’t exist in any other part of the globe rather than on his IT department. However tells you that any other version will not work. Then what is the reason for this post? Doesn’t help at all.
It is like saying “hey, snx works for me but you will never get it work”
Hi Louis,
Isn’t there some value in knowing what will work and what won’t ? If you work for a company with a contract with Checkpoint, you can request the version as part of your contract. I would love to be able to link directly to the software, but the license doesn’t permit it. If we expect people to respect the terms of FLOSS licenses we need to also respect the terms of proprietary licenses.
So please don’t shoot the messenger here.
Regards,
Ken.
Thank You!!!
Stefano
Hi Ken,
What is your CheckPoint device? I have an Appliance 600. If I try to connect from browser everything is fine, but if I use the snx client from command line, it always returns the following message “SNX: Authentication failed.”
From what I see the java applet (loaded by the browser) calls the snx client (build number 800007027) from command line. It seems a little bit strange!
Is it possible there is a difference across different devices?
Regards,
Rino
Thank you Ken!
Great! Thank you Ken!
Thank you for posting this!
To launch, I could not achieve this by using snx in CLI – authentication kept failing.
But sessions within browser are now working! Thanks again!
Thanks for this easy solution!!
Btw. there is a typo in the title, it is ‘CheckPoint’ not ‘CheckPont’ 🙂
Well spotted. I fixed it.
Hi! Ken, I have the same issue “SNX: Authentication failed”
but my version is:
Check Point’s Linux SNX
build 800007097
i saw that to use “build 800007075” but, dont find t
Hi Jonathan,
CheckPoint have dropped support for the client. I have an updated post here (https://kenfallon.com/checkpoint-snx-install-instructions-for-major-linux-distributions/) which gives you more information.
The good news is that it is still possible to connect via Linux but the bad news is that it requires X, Firefox, Java *and* the SNX client, to work.
Ken
Hello,
Thanks a lot, works exactly as described! In Wily Werewolf!
Regards,
Peter
Awesome! Thank you very much.
Hi,
I successfully installed the build 800007102 of the CheckPoint client. VPN connections are working. But I have a problem with DNS resolving of “other” hosts while the snx client is running. It seems the snx client modifies my /etc/resolv.conf when it is started and this makes resolving of all non-VPN hosts fail.
When the snx client isn’t started, the resolv.conf looks like this:
nameserver 1xx.1x.3x.4x
nameserver 127.0.0.1
search futura.lokal
When the snx client is running, it looks like this:
nameserver 1x.1.x.4
nameserver 1x.1.x.100
nameserver 127.0.0.1
nameserver 1xx.1x.3x.4x
search xxx.de xxx2.de futura.lokal
I found this issue on CheckPoint Support:
https://supportcenter.checkpoint.com/supportcenter/portal?eventSubmit_doGoviewsolutiondetails=&solutionid=sk31082
But the described solution of modifying /etc/nsswitch.conf doesn’t help.
Does anyone have the same problem and possibly a solution?
Best Regards,
Johannes
Hi Ken,
Your post provided the missing hint for me to get snx working on Debian Jessie 64 bit. Thanks! Here is the full recipe that worked for me:
dpkg --add-architecture i386
apt-get update
apt-get install libstdc++5:i386 libpam0g:i386
Hi Louis,
I can confirm: after days of frustrating unsuccessful trials with different versions of snx I tried build 800007075 and it worked immediately!
Thank you very much Ken!!
Hi
How do I build or downgrade to 800007075 ?
My build is:
Check Point’s Linux SNX
build 800007116
As already explained in the comments above this is a closed source program that I am not allowed to redistribute.
Please see my instructions here https://kenfallon.com/checkpoint-snx-install-instructions-for-major-linux-distributions/ for getting it working with the web browser.
Hi,
I managed to find 80007075 version, but it still says “SNX: Access denied – User authentication failed”. I am certain I have the correct credentials, they work from web browser in Windows. Does the server also need to be at specific version for this to work?
Hi Nik,
Could you share the install file with me, please?
I’m sorry Martin, I’m afraid I will not allow any links to illegally sourced software on this site.