Checkpoint SSL Network Extender and Fedora19

I have released an update to this blog post: See CheckPoint SNX install instructions for major Linux distributions

Due to a change in the way CheckPoint are now rolling out policies, the native snx client and SSL client require different policies. This means that you may be in the situation where you need to run the SSL Network Extender to gain access to the network. This seems to call the native client with the -Z switch.

I was unable to connect even after following this tutorial “Install Oracle Java JDK/JRE 7u25 on Fedora 19/18, CentOS/RHEL 6.4/5.9″ and confirming that java was in fact installed and verified working. It was only when I installed and succeeded in getting it working on CrunchBang Linux, that I released that Fedora is running SeLinux now so seamlessly that I forgot that it is even running.

I tailed the log files and saw messages relating to the snx client

tail -F  /var/log/audit/audit.log /var/log/messages
Aug  7 00:00:00 pc setroubleshoot: SELinux is preventing /usr/bin/snx from using the dac_override capability. For complete SELinux messages. run sealert -l 00000000-0000-0000-0000-000000000000

Running sealert -l 00000000-0000-0000-0000-000000000000 as suggested resulted in the answer

*****  Plugin mozplugger (99.1 confidence) suggests  *************************

If you want to use the plugin package
Then you must turn off SELinux controls on the Firefox plugins.
# setsebool unconfined_mozilla_plugin_transition 0

Once that was done, SNX worked fine. Be warned that this allows all plugins not just snx.



This entry was posted in snx. Bookmark the permalink.

1 Response to Checkpoint SSL Network Extender and Fedora19

  1. Rafael says:


    saved my day o/

Leave a Reply

Your email address will not be published. Required fields are marked *