June 9, 2012

Check Point SNX R66 HFA for Linux

This tutorial is made for connecting computer with Ubuntu Linux with CheckPoint NGX R66 firewall.

All the below is controlled with Ubuntu 11.10, 12.04 and same releases on Xubuntu.

Download "SNX NGX R66 HFA 1 for Linux" - Check_Point_SNX_R66_HFA_01_For_Linux_800004013.sh from here - https://supportcenter.checkpoint.com/supportcenter/portal/user/anon/page/default.psml/media-type/html?action=portlets.DCFileAction&eventSubmit_doGetdcdetails=&fileid=8724 or search it with your favorite search engine.

In terminal window: sudo -s -H
In terminal window: bash ./Check_Point_SNX_R66_HFA_01_For_Linux_800004013.sh (before that go to the folder where you saved installation file, dot before slash is required)
In terminal window: apt-get install libstdc++5
In terminal window: apt-get install ia32-libs
In terminal window: snx (to control that snx is properly installed)
---
You get now output (failing is normal at this point):
failed to open file: /root/.snxrc
Valid attributes are:
  - server          SNX server to connect to
  - sslport         The SNX SSL port (if not default)
  - username        the user name
  - certificate     certificate file to use
  - calist          directory containing CA files
  - reauth          enable automatic reauthentication. Valid values { yes, no }
  - debug           enable debug output. Valid values { yes, 1-5 }
  - cipher          encryption algorithm to use. Valid values { RC4 / 3DES }
  - proxy_name      proxy hostname
  - proxy_port      proxy port
  - proxy_user      username for proxy authentication

---
In terminal window: snx -s your_checkpoint_server -u your_username
---

Output:Check Point's Linux SNXbuild XXXXXXXXPlease enter your password:SNX authentication:Please confirm the connection to gateway: your_checkpoint_server VPN CertificateRoot CA fingerprint: SOME FING ERPR INTI SHER EOOO UUU AAAA IIII EEEE SSSSDo you accept? [y]es/[N]o:
---

You are now connected with Your network and can access all the servers You have allowed to connect with VPN connecton.

---To disconnect the session
In terminal window: snx -d