Wednesday, 3 February 2016

"Connection Failed: Enforce Firewall Policy failed" - on OSX Yosemite

According to SK106293 - this problem can be fixed via a hotfix from Check Point TAC.
I've tried the hotfix and it doesn't appear to perform any different. You still get the same error pop up and in the logs.
There is a workaround though - you need to manually disable the firewall on the client (if your policy allows for it).

First, shutdown the CP client from your menu bar.

Stop the CP services

 sudo launchctl unload /Library/LaunchDaemons/com.checkpoint.epc.service.plist  

Edit your Trac.defaults file at /Library/Application Support/Checkpoint/Endpoint Connect/Trac.defaults

The top line should read something similar to


(the formatting of this file is horrible - I've removed loads of spaces / tabs to make it more readable).

Change the value of '1' to '0'.

Restart the CP services then stop them again

 sudo launchctl load -w /Library/LaunchDaemons/com.checkpoint.epc.service.plist
 sudo launchctl unload /Library/LaunchDaemons/com.checkpoint.epc.service.plist  

This will start the services and decode your Trac.config file so you can edit it (make sure you stop the services again to be able to edit the decoded file!).

Find the line like <PARAM enable_firewall="true"></PARAM>  and edit the value 'true' to 'false'. You might have another like showing the name of your policy - I'm not sure it's required with the policy disabled but I edited mine from "desktop_policy" to "".

Save and close the file then finally start the services again.

 sudo launchctl load -w /Library/LaunchDaemons/com.checkpoint.epc.service.plist  

Start the Endpoint VPN application again from Launchpad and try to connect. If it works for you too - awesome! If it doesn't - sorry, best speak to TAC to get a proper solution.


  1. Oh thanks a lot. This worked!

  2. I found the same problem on my macOS High Sierra, version 10.13.6. I went to my systems "Security & Privacy" (from hotspot or go to settings and search for Security and Privacy). And on the General tab there was a lock applied on Check point software, I did hit on the Allow button and the Check point vpn started working fine for me.

  3. Thank you! It worked on Mojave 10.14.2

  4. Worked on catalina. F check point!