CheckPoint VPN clients before V E81.20 fails after January 1, 2021 due to expired certificate

[German]Are you using an older CheckPoint VPN Client and/or a CheckPoint Endpoint Security Client before version E81.20? Since a certificate expires at the turn of the year, the CheckPoint software in question will no longer work after Jan. 1, 2021. Especially silly: anti-bot, forensics and firewall blade may stop working without being reported. An update has been available since August 2019.


I'll bring the topic up here on the blog so readers aren't surprised if necessary. Blog reader Fabian Fasshuber from Austria recently alerted me to the issue via Facebook message (thanks for that). Fabian wrote me about this:

I just came across something exciting from CheckPoint, which may well have an impact for many people. It is about the CheckPoint VPN client (Not all versions affected e.g. Mobile).

Fabian referenced in his Facebook note a CheckPoint support post titled Remote Access VPN clients and Endpoint service will fail to work after 1/1/2021 which addresses the issue in the Endpoint Security VPN, Endpoint Security Client and SandBlast Agent products.

Certificate expires on January 1, 2021

As of January 1, 2021, the following errors will occur in various CheckPoint products due to the expired certificate:

  • Starting 1-Jan-2021, Remote Client VPN and Endpoint Security Client versions E81.10 and lower may stop functioning and upgrade will fail and require a patch.
  • Remote Access VPN clients fail to work with "Connectivity with the Check Point Endpoint Security service is lost" error message.
  • CLI utility trac.exe shows "service is not started" error message for the "info" command. It can be used for both diagnostics of both standalone clients and clients for ATMs
  • Anti-Bot, Forensics and Firewall blade might stop functioning with no indication.

There are error entries in the VPN log file under Windows for the connection attempts. The problem occurs because of the internal certificate used by the endpoint services. One of the certificates expires on 1/1/2021, so all services using this certificate will stop working on 1/1/2021.

Patch available since August 2019

CheckPoint states that since in August 2019, version E81.20 has been released. This release resolves the usage restriction of older versions of Check Point Endpoint, VPN, and SandBlast agents (sk158912). These older, unsupported versions – Endpoint/VPN E80.81 through E81.10 and SandBlast agent E80.61 through E81.10 – can no longer be used after Jan. 1, 2021. So anyone running an older client or agent should still update the product in December 2020.


Cookies helps to fund this blog: Cookie settings

This entry was posted in Security, Software and tagged , , . Bookmark the permalink.

Leave a Reply

Your email address will not be published. Required fields are marked *