Help! CIS is blocking my connection to VPN

This is my first time using this highly rated firewall, and I think it looks very solid, although configuring it is a little confusing for newcomers. Anyway, here is my problem: I am having difficulty connecting to VPN (my Outlook needs to connect to this network to retrieve company mails). I am using CheckPoint SSL Network Extender to connect to VPN. I have already configured CIS to allow this program and treat it as a “trusted application” but CIS still continues to block it. I am attaching a snap of the firewall network security policy. Is there anything else that I need to configure? My firewall and Defense+ are set to “Safe Mode”.

Help would be very much appreciated. Thanks.


I have hardly any experience with VPN connections. I asked the other mods to take a look and throw in their experience.

Hello Timonski,

Does the firewall alert you about finding a new network once the extender is active?
Does it work if you put the Firewall to “disabled” before you connect?

Regards,
Ronny

Ronny:

1.) No, CIS does not notify anything when the extender is loaded. Although I always get an alert every time I connect to my wireless USB modem that “a new network is found”. Has this got anything to do with the SSL extender being loaded?

2.) My SSL extender worked very well when I was still using ZoneAlarm, until I switched to CIS; then the problem started to arise… I am disabling CIS temporarily… hope I get more input on this problem from the highly advanced users in this forum… Thanks

Okay, I've checked a few things on this app; it seems like it loads a piece of software on your system, so we could be facing 2 issues.

  1. Firewall blocks traffic
  2. Defense+ blocks the application from functioning correctly.

From Checkpoint:
SSL VPNs are a great remote access solution because they don’t require IT departments to upgrade and manage client software—all a user needs is a Web browser. However, remote users still need to access network applications. SSL Network Extender is a browser plug-in that provides clientless remote access, while delivering full network connectivity for any IP-based application.

Can you, as a test, enable everything but the Firewall and see if it still works?
Then we know if the problem is caused by the firewall configuration.
If it does not work, try again with Defense+ disabled and see if that helps.

Once we know what causes the problem we can figure out what to change…

Ronny:

1.) You are correct, the extender loads software so I can log in to the VPN.
2.) I re-installed CIS and chose only “firewall” without Defense+ and all the other stuff.
3.) I loaded the SSL extender and logged in to VPN, the connection failed…

When CIS was uninstalled, using only Windows Firewall, the extender worked perfectly fine… so I guess the CIS firewall is the one causing the connection failure… thanks


So it’s caused by the Firewall settings. Could you reinstall CIS and leave the settings at default?
Then try Checkpoint and see if that works. I think it should not alert you on this traffic but automatically create a rule.

I think it will use Internet Explorer as the “outgoing” application because it’s a plugin, not sure though, because Java for example starts its own executable to connect to the internet.

If it alerts you for some traffic, probably the IP address will be the same as the one blacked out on this screenshot. If that holds a DNS name, you could try to resolve it using a command-box.

Start, Run, Cmd, and type

ping whateverhostname

And press Enter after that; this should display the IP address to you.