https://community.checkpoint.com/t5/Firewall-and-Security-Management/Remote-Access-Endpoint-VPN-policy-is-not-matching-the-rule/m-p/136874#M20705 <P>Thanks I need to verify that. let me revert with my findings then.</P> Tue, 21 Dec 2021 03:49:01 GMT Blason_R 2021-12-21T03:49:01Z https://community.checkpoint.com/t5/Firewall-and-Security-Management/Remote-Access-Endpoint-VPN-policy-is-not-matching-the-rule/m-p/136489#M20629 <P>Hi Team,</P><P>&nbsp;</P><P>I have R80.30 firewalls and R80.40 mgmt server. It has been upgraded from R77.30 almost a year back and now I would like to enable Application and URL filtering blade on policy hence activated the same from Manage policy and layers.</P><P>However since I have Remote access Endpoint client based VPN rules setup in legacy mode like this</P><DIV class="">&nbsp;</DIV><P>I am unable to do so and while installing policy it throws error. Then I tried converting legacy user access to access role however users are successfully getting authenticated but they are unable to connect as per policy and traffic is getting dropped on clean up rule. So I disabled Rule#9 and enabled Rule #8; however traffic is getting dropped any reason why?</P><P><span class="lia-inline-image-display-wrapper lia-image-align-inline" image-alt="HelpDeskAccessRole.JPG" style="width: 400px;"><img src="https://community.checkpoint.com/t5/image/serverpage/image-id/14583i4B9ACC35D7BCAF00/image-size/medium?v=v2&amp;px=400" role="button" title="HelpDeskAccessRole.JPG" alt="HelpDeskAccessRole.JPG" /></span></P><P><span class="lia-inline-image-display-wrapper lia-image-align-inline" image-alt="AccessRole.JPG" style="width: 999px;"><img src="https://community.checkpoint.com/t5/image/serverpage/image-id/14585i1077FF1C908664CB/image-size/large?v=v2&amp;px=999" role="button" title="AccessRole.JPG" alt="AccessRole.JPG" /></span></P><P>&nbsp;</P><P>Am I missing anything here?</P><P>&nbsp;</P> Thu, 16 Dec 2021 03:41:51 GMT https://community.checkpoint.com/t5/Firewall-and-Security-Management/Remote-Access-Endpoint-VPN-policy-is-not-matching-the-rule/m-p/136489#M20629 Blason_R 2021-12-16T03:41:51Z https://community.checkpoint.com/t5/Firewall-and-Security-Management/Remote-Access-Endpoint-VPN-policy-is-not-matching-the-rule/m-p/136490#M20630 <P>Oh! By the way these are local users configured on firewall.</P> Thu, 16 Dec 2021 03:49:29 GMT https://community.checkpoint.com/t5/Firewall-and-Security-Management/Remote-Access-Endpoint-VPN-policy-is-not-matching-the-rule/m-p/136490#M20630 Blason_R 2021-12-16T03:49:29Z https://community.checkpoint.com/t5/Firewall-and-Security-Management/Remote-Access-Endpoint-VPN-policy-is-not-matching-the-rule/m-p/136599#M20651 <P>Have you enabled Remote Access as an Identity Source in the gateway?<BR />It’s not enabled by default.</P> Fri, 17 Dec 2021 06:01:06 GMT https://community.checkpoint.com/t5/Firewall-and-Security-Management/Remote-Access-Endpoint-VPN-policy-is-not-matching-the-rule/m-p/136599#M20651 PhoneBoy 2021-12-17T06:01:06Z https://community.checkpoint.com/t5/Firewall-and-Security-Management/Remote-Access-Endpoint-VPN-policy-is-not-matching-the-rule/m-p/136847#M20694 <P>Yes this is enabled and I confirmed that. What could be other reason?</P> Mon, 20 Dec 2021 17:34:08 GMT https://community.checkpoint.com/t5/Firewall-and-Security-Management/Remote-Access-Endpoint-VPN-policy-is-not-matching-the-rule/m-p/136847#M20694 Blason_R 2021-12-20T17:34:08Z https://community.checkpoint.com/t5/Firewall-and-Security-Management/Remote-Access-Endpoint-VPN-policy-is-not-matching-the-rule/m-p/136873#M20704 <P>Hi,</P> <P>I would check that the pdp is associating the AR with the users by running:</P> <P># pdp monitor user &lt;user&gt;</P> <P><span class="lia-inline-image-display-wrapper lia-image-align-inline" image-alt="1.png" style="width: 711px;"><img src="https://community.checkpoint.com/t5/image/serverpage/image-id/14639i46611625756E6388/image-size/large?v=v2&amp;px=999" role="button" title="1.png" alt="1.png" /></span></P> <P>I would imagine this would be the cause if the IA settings etc. are correct.</P> <P>Here is my user matching a rule correctly based off the AR detected by the pdp:</P> <P><span class="lia-inline-image-display-wrapper lia-image-align-inline" image-alt="2.png" style="width: 999px;"><img src="https://community.checkpoint.com/t5/image/serverpage/image-id/14640i0CA2F84DC3663345/image-size/large?v=v2&amp;px=999" role="button" title="2.png" alt="2.png" /></span><span class="lia-inline-image-display-wrapper lia-image-align-inline" image-alt="3.png" style="width: 999px;"><img src="https://community.checkpoint.com/t5/image/serverpage/image-id/14641i342915958D31D2DF/image-size/large?v=v2&amp;px=999" role="button" title="3.png" alt="3.png" /></span></P> <P>If the pdp isn't detecting the AR then you will want to recheck the configuration/debug pdpd to get more info.</P> Tue, 21 Dec 2021 03:45:13 GMT https://community.checkpoint.com/t5/Firewall-and-Security-Management/Remote-Access-Endpoint-VPN-policy-is-not-matching-the-rule/m-p/136873#M20704 mcatanzaro 2021-12-21T03:45:13Z https://community.checkpoint.com/t5/Firewall-and-Security-Management/Remote-Access-Endpoint-VPN-policy-is-not-matching-the-rule/m-p/136874#M20705 <P>Thanks I need to verify that. let me revert with my findings then.</P> Tue, 21 Dec 2021 03:49:01 GMT https://community.checkpoint.com/t5/Firewall-and-Security-Management/Remote-Access-Endpoint-VPN-policy-is-not-matching-the-rule/m-p/136874#M20705 Blason_R 2021-12-21T03:49:01Z