I have released an update to this blog post: See CheckPoint SNX install instructions for major Linux distributions
Due to a change in the way CheckPoint are now rolling out policies, the native snx client and SSL client require different policies. This means that you may be in the situation where you need to run the SSL Network Extender to gain access to the network. This seems to call the native client with the -Z switch.
I was unable to connect even after following this tutorial “Install Oracle Java JDK/JRE 7u25 on Fedora 19/18, CentOS/RHEL 6.4/5.9″ and confirming that java was in fact installed and verified working. It was only when I installed and succeeded in getting it working on CrunchBang Linux, that I released that Fedora is running SeLinux now so seamlessly that I forgot that it is even running.
I tailed the log files and saw messages relating to the snx client
tail -F /var/log/audit/audit.log /var/log/messages
Aug 7 00:00:00 pc setroubleshoot: SELinux is preventing /usr/bin/snx from using the dac_override capability. For complete SELinux messages. run sealert -l 00000000-0000-0000-0000-000000000000
Running sealert -l 00000000-0000-0000-0000-000000000000 as suggested resulted in the answer
***** Plugin mozplugger (99.1 confidence) suggests *************************
If you want to use the plugin package
Then you must turn off SELinux controls on the Firefox plugins.
Do
# setsebool unconfined_mozilla_plugin_transition 0
Once that was done, SNX worked fine. Be warned that this allows all plugins not just snx.
Thanks!
saved my day o/