Symptom

  • In Safari version 6-8, launching SSL Network Extender fails with "failed to download", or "Safari blocks Java plugin" error.

  • In some scenarios, launching the SSL Network Extender is stuck at 'Initializing' stage without any errors.


Cause

In Safari 6.1 (Mac OS X Mountain Lion - 10.8.5) / Safari 7 (Mac OS X 10.9 - Mavericks), Safari 8 ( Mac OS X Yosemite 10.10.x and MAC OS X 10.12) Apple introduced a sandboxing mechanism. The sandboxing blocks some core functionality of Java, and as a result SSL Network Extender and other portal components fail to launch.  In MAC OS 10.12 the browser feature "unsafe mode" is not available. 



Solution

The following workaround is available:

Note: The "Run in unsafe mode" will disable the sandboxing added by Apple. It will not disable the Java protections in place. This setting will be limited to specific sites you had configured explicitly, and not to each site you connect to. You can limit it to the trust you have with Check Point Security Gateway.

Procedure:

  1. When Safari is opened, go to preferences (⌘, keys or Safari menu) -> Security -> Manage Website Settings.

    Prefernces


    In OS X 10.10 to 10.12 go to preferences (⌘, keys or Safari menu) -> Security -> Internet plug-ins: "Website Settings..."


    In OS X 10.13, go to preferences (⌘, keys or Safari menu) -> Websites -> Plug-ins.

  2. Go to 'Java' tab -> Click on the drop-box next to portal.vpn2.lesley.edu and choose 'Run in Unsafe Mode'. (There will be a pop-up prompting you to make sure you really want to apply this setting.)  If you are running OSX 10.12 or later "Run in Unsafe Mode" is not a valid option.  Instead, Unselect "Run in Safe Mode"

    Plugin settings

  3. In OS X 10.13, while clicking on the �Option (ALT)� button, click on the drop-box near safe mode" and choose "On".
  4. After applying the change, close Safari and reopen it. This will allow the connection to work.