Thursday, January 3, 2013

Connecting to Checkpoint/using SNX in Ubuntu 12.10 64bit

GET CONNECTED, NOT INFECTED
Get snx, either by going to your Checkpoint site, clicking Manual Download for Linux, and running the bash script downloaded, or by going to the Checkpoint website listed under Links and following the instructions there.

To get snx working properly, we will need to install some prerequisites by doing:
sudo apt-get install icedtea-7-plugin openjdk-7-jre ia32-libs libpam0g:i386

To connect to your Checkpoint site, run
snx -s <your_checkpoint_server> -u <username>, where <your_checkpoint_server> is the IP (i.e. 192.192.192.66) or DNS name (i.e. checkpointserver.example.org) of the Checkpoint server, and <username> is your domain login.

Once connected, you should be able to type ifconfig, and see a new interface called tunsnx with your VPN IP. You will probably need to remember the IP of at least one computer on the other side of the VPN in order to SSH - your company/school/whatever DNS probably won't resolve to right IP when you connect over VPN. I usually ssh to a "homebase" computer on the other side of the VPN, then ssh to other places as needed.

ssh me@192.192.192.67 - YES ----> ssh me@myworkserver - YES
ssh me@myworkdestop - DOUBTFUL

To disconnect, simply do sudo ifconfig tunsnx down; sudo pkill snx
For better disconnection, use snx -d ,as mentioned by kholis in the comments - thanks!


LINKS
https://supportcenter.checkpoint.com/supportcenter/portal?eventSubmit_doGoviewsolutiondetails=&solutionid=sk65210

http://kenfallon.com/check-point-ssl-network-extender/