I decided to do a round up of how to install the software needed on GNU/Linux to enable access through a CheckPoint firewall. My focus was on distributions whose ISO downloads supported UEFI boot, and hard disk encryption out of the box. This explains why Debian is not in this list. These requirements may not apply to you so feel free to add the instructions for your distro of choice to the comments below.
The SNX file extension indicates to your device which app can open the file. However, different programs may use the SNX file type for different types of data. We are aware of 1 different use of the SNX extension, which you can read more about below. 1 known use of the SNX file extension. Can you generate a debug file with snx -g? – Rui F Ribeiro Sep 18 '19 at 22:59. Through the windows/mac checkpoint client the vpn connection works perfectly.
As of build 800007075 Checkpoint no longer support using the Native Client on the command line. This prevents scripting logins, and also requires a heavy desktop when we were able to survive with a headless server. Access is still possible, but only via the “SSL Network Extender“. This is a major pain as it requires (from my experience) X server, Oracle Java, and the FireFox browser to run. Chrome gives this helpful message on the Java website:
The Chrome browser does not support NPAPI plug-ins and therefore will not run all Java content. Switch to a different browser (Firefox, Internet Explorer or Safari on Mac) to run the Java plug-in.
Despite all this, it still uses the native client but with the “unsupported” -Z option. Ah well.
With all the distributions I did the following:
- downloaded the most prominent ISO on offer at the projects main page
- used dd to transfer the image to usb stick
- installed using full disk encryption
- applied all the patch fixes
- installed openssh-server.
Let me tell you now that your future is full of warnings like, This Connection is Untrusted, I understand the Risks, Add Exception, Confirm Security Exception, allow, allow remember, continue, run, allow, trust server, etc etc. I found it useful to browse to the Verify Java Version site in Firefox to verify that java is working.
You will also need to know the url, username and password for your own checkpoint login site. It should be something like.:
https://checkpoint.example.com/sslvpn/Login/Login
https://checkpoint.example.com/sslvpn/Login/Login
These instructions are going to be terse but the links provided should give you more information if needed.
Ubuntu 15.04 Vivid Vervet
We’re going to install a ppa to get java, change the root password and install some additional libraries that are needed to run checkpoint.
Pressing connect will open an xterm window that downloads and runs the native client install.sh script. You will need to enter the root password you set earlier, sudo will not work.
Now finally try the Connect > Continue > Accept Key and you should get connected.
Linux Mint 17.2 “Rafaela”
Very similar to Ubuntu, we’re going to install a ppa to get java, change the root password and install some additional libraries that are needed to run checkpoint.
Unlike Ubuntu however the install via the browser did not work for me. You will need to go to your own login site:
https://checkpoint.example.com/sslvpn/Login/Login
https://checkpoint.example.com/sslvpn/Login/Login
Then select Settings > Edit Native Applications Settings > Download installation for Linux
Open a terminal and then run the command snx_install.sh from wherever you downloaded it.
Now when you go back to the web site, your Connect button should work.
openSUSE 13.2
This is a distribution I haven’t used too much before but decided to give it a try. Again additional libraries were necessary to get snx to run. I also followed these instructions to install java.
Then is was just a case of connecting to the website and pressing Connect
Fedora 22
We have covered installing under Fedora 21 before and the biggest problem was installing Oracle Java. Get the latest from http://www.java.com/en/download/linux_manual.jsp and I copied it to /usr/local/src. You’ll need to adjust accordingly.
Summary
I’m sorry if I haven’t covered your distribution in this round up. As I said at the beginning my requirements were pretty specific, but my time was limited. If you browse through the snx series here, you should be able to find out how you can get it running on your own distribution easily enough. This is what I had to do with openSUSE, for which I was a novice user. If not you can always drop me a line.
Having to run such a bloated and convoluted tool chain just to end up running the same application is very disappointing. I am also concerned that such an essential piece of business software is built using such old libraries, and that there is no 64 bit version.
I would like to hear if there is a way to get this plugin to run from the command line, or at least run without having a browser window open. If you have suggestions please comment below.
Other possible reasons why your .SNX file does not want to open
In addition to the problem described above, i.e. the lack of the appropriate application to support the .SNX file, there may be several reasons that cause problems with opening and operation of the data format:
1. Incorrect version of the installed application
A quite common problem is the lack of application in the appropriate version. Even if you have an application, with the help of which you should open the .SNX file, you may have a problem with it because of its version. Perhaps in previous versions the application has not yet supported the .SNX file, so download the update and check again.
2. Incorrect .SNX file association with the program
Snx File Converter
If you have already installed the appropriate application, and it is the correct version, the file may not open correctly, because the operating system does not have information that this program supports the file. So you need to 'show' which program the computer should use. To do this:
Snx File Reader
- Right-click the .SNX file
- Go to the 'Open with' - then 'Choose default program ...'
- Locate the appropriate application
- Click 'OK'
3. The file is corrupt
Snx Log File
It also happens that the file you want to open is corrupt and therefore there is no such possibility. In this situation, you should find its different version, or ask a person from whom you got, to send it again.