https://community.checkpoint.com/t5/Firewall-and-Security-Management/Restrict-IPv4-Remote-Access-VPN/m-p/195371#M36364 <P>Hello,</P><P>I need to restrict the list of users able to connect via Remote Access VPN to a list of fixed IP addresses.</P><P>There are posts, with identical requirements dating back to 2018 with no solution.</P><P>The more popular request for geolocation blocking has no solution either, but is also a few years old.</P><P>Has anyone successfully implemented such a solution, with a Check Point Firewall?</P><P>Cheers</P><P>Christoph</P> Tue, 17 Oct 2023 08:34:11 GMT Christoph 2023-10-17T08:34:11Z https://community.checkpoint.com/t5/Firewall-and-Security-Management/Restrict-IPv4-Remote-Access-VPN/m-p/195371#M36364 <P>Hello,</P><P>I need to restrict the list of users able to connect via Remote Access VPN to a list of fixed IP addresses.</P><P>There are posts, with identical requirements dating back to 2018 with no solution.</P><P>The more popular request for geolocation blocking has no solution either, but is also a few years old.</P><P>Has anyone successfully implemented such a solution, with a Check Point Firewall?</P><P>Cheers</P><P>Christoph</P> Tue, 17 Oct 2023 08:34:11 GMT https://community.checkpoint.com/t5/Firewall-and-Security-Management/Restrict-IPv4-Remote-Access-VPN/m-p/195371#M36364 Christoph 2023-10-17T08:34:11Z https://community.checkpoint.com/t5/Firewall-and-Security-Management/Restrict-IPv4-Remote-Access-VPN/m-p/195372#M36365 <P>&nbsp;</P> <P>The Geo restrict option is possible using this solution:</P> <P><A href="https://community.checkpoint.com/t5/Security-Gateways/Block-VPN-Traffic-by-Country/td-p/172695" target="_blank">https://community.checkpoint.com/t5/Security-Gateways/Block-VPN-Traffic-by-Country/td-p/172695</A></P> Tue, 17 Oct 2023 08:40:47 GMT https://community.checkpoint.com/t5/Firewall-and-Security-Management/Restrict-IPv4-Remote-Access-VPN/m-p/195372#M36365 Chris_Atkinson 2023-10-17T08:40:47Z https://community.checkpoint.com/t5/Firewall-and-Security-Management/Restrict-IPv4-Remote-Access-VPN/m-p/195373#M36366 <P>This is not relevant on the CP RA VPN but on your clients - these each need a fixed routable IP and a corresponding entry in the GW rule base. As this is not the cheapest solution it is not used so much <span class="lia-unicode-emoji" title=":winking_face:">😉</span>. Most customers restrict the list of users able to connect via Remote Access VPN by defining groups of users that should be able to connect 8)</img> and do not allow others...</P> <P>Geoblocking is dangerous - a customer was only allowing RA VPN clients from his home country and had to fight the "wrong county for IP" issue a couple of times. Would be nice if it worked 100% but can be deemed not usable if a client can be restricted from access for 1-2 weeks until it is corrected.</P> Tue, 17 Oct 2023 08:55:39 GMT https://community.checkpoint.com/t5/Firewall-and-Security-Management/Restrict-IPv4-Remote-Access-VPN/m-p/195373#M36366 G_W_Albrecht 2023-10-17T08:55:39Z https://community.checkpoint.com/t5/Firewall-and-Security-Management/Restrict-IPv4-Remote-Access-VPN/m-p/195374#M36367 <P>Hello Chris,</P><P>thank you very much. Didn't found this while looking for a solution. I will check if I can break this down to a single IP or group of IPs.</P><P>Cheers</P><P>Christoph</P><P>&nbsp;</P> Tue, 17 Oct 2023 08:47:16 GMT https://community.checkpoint.com/t5/Firewall-and-Security-Management/Restrict-IPv4-Remote-Access-VPN/m-p/195374#M36367 Christoph 2023-10-17T08:47:16Z