https://community.checkpoint.com/t5/Firewall-and-Security-Management/Legacy-Remote-access-solution-with-R80-10/m-p/22002#M89851 <HTML><HEAD></HEAD><BODY><P>That is applicable to end point VPN as well? Or only for mobile access policy? Yes I have community in the rule base.</P><P></P><P>What should be done in that case?</P></BODY></HTML> Tue, 08 Jan 2019 01:41:21 GMT Blason_R 2019-01-08T01:41:21Z https://community.checkpoint.com/t5/Firewall-and-Security-Management/Legacy-Remote-access-solution-with-R80-10/m-p/22000#M89849 <HTML><HEAD></HEAD><BODY><P>Hi Guys,</P><P></P><P>Again converting legacy policies to R80.10; here is one more issue would like to discuss. Previously I had legacy user access Remote Access VPN Solution [EPM].</P><P>Then edited the policy and ticked the Application Blade.</P><P>When&nbsp;tried installing policy it threw an error about legacy user access group which was used for Remote VPN. Hence I created access role and added those groups in the rule.</P><P></P><P>Now policy installation was successful and even users were getting connected however one issue I faced was even though ports were allowed in the same rule. Traffic was dropping for Office mode client IPs to destination IPs which were present in the rule and it was dropping at the clean up rule.</P><P></P><P>Any clue why? Then I again reverted the changes and it started working fine.</P><P></P><P>Like</P><P></P><P><STRONG>Rule#56</STRONG></P><P>Source - <A href="mailto:RDPusers@Any">RDPusers@Any</A></P><P>Dest - RDP_10.10.10.10</P><P>Service - TCP_3389</P><P>Action - Accept</P><P></P><P><STRONG>Rule#80</STRONG></P><P>Any<BR />Any</P><P>Drop</P><P></P><P>So traffic was dropping at <STRONG>Rule#80</STRONG> when <STRONG>Rule#56</STRONG> was converted to</P><P>Source -<SPAN>&nbsp;Access_Role_RDPUsers</SPAN></P><P>Dest - RDP_10.10.10.10</P><P>Service - TCP_3389</P><P>Action - Accept</P></BODY></HTML> Mon, 07 Jan 2019 17:36:22 GMT https://community.checkpoint.com/t5/Firewall-and-Security-Management/Legacy-Remote-access-solution-with-R80-10/m-p/22000#M89849 Blason_R 2019-01-07T17:36:22Z https://community.checkpoint.com/t5/Firewall-and-Security-Management/Legacy-Remote-access-solution-with-R80-10/m-p/22001#M89850 <HTML><HEAD></HEAD><BODY><P>If you had a VPN community in the rule with access roles, this may have caused the drops, provided you were using "Unified Access Policy".</P><P></P><P><IMG class="image-1 jive-image" src="https://community.checkpoint.com/legacyfs/online/checkpoint/76747_pastedImage_1.png" /></P></BODY></HTML> Mon, 07 Jan 2019 18:57:43 GMT https://community.checkpoint.com/t5/Firewall-and-Security-Management/Legacy-Remote-access-solution-with-R80-10/m-p/22001#M89850 Vladimir 2019-01-07T18:57:43Z https://community.checkpoint.com/t5/Firewall-and-Security-Management/Legacy-Remote-access-solution-with-R80-10/m-p/22002#M89851 <HTML><HEAD></HEAD><BODY><P>That is applicable to end point VPN as well? Or only for mobile access policy? Yes I have community in the rule base.</P><P></P><P>What should be done in that case?</P></BODY></HTML> Tue, 08 Jan 2019 01:41:21 GMT https://community.checkpoint.com/t5/Firewall-and-Security-Management/Legacy-Remote-access-solution-with-R80-10/m-p/22002#M89851 Blason_R 2019-01-08T01:41:21Z https://community.checkpoint.com/t5/Firewall-and-Security-Management/Legacy-Remote-access-solution-with-R80-10/m-p/22003#M89852 <HTML><HEAD></HEAD><BODY><P>My understanding is that "Mobile Access Policy" is covering all remote access means and is run either in Legacy or Inline modes.</P><P></P><P>This is the example of the policy I was using in one of my labs with Mobile Access layer:</P><P><IMG src="https://community.checkpoint.com/legacyfs/online/checkpoint/76754_pastedImage_3.png" /></P><P></P><P>With Access Roles configured according to your client of preference and the VPN column set to Any.</P></BODY></HTML> Tue, 08 Jan 2019 04:57:41 GMT https://community.checkpoint.com/t5/Firewall-and-Security-Management/Legacy-Remote-access-solution-with-R80-10/m-p/22003#M89852 Vladimir 2019-01-08T04:57:41Z