https://community.checkpoint.com/t5/General-Topics/Clarification-on-Rule-for-Remote-Access-Connections/m-p/276114#M46090 <P class="isSelectedEnd"><SPAN>Hi Mates,</SPAN></P> <P class="isSelectedEnd"><SPAN>I have a question regarding a configuration I noticed on the customer environment.</SPAN></P> <P class="isSelectedEnd"><SPAN>There is an open rule allowing traffic from </SPAN><STRONG><SPAN>Any</SPAN></STRONG><SPAN> to the cluster object (IP 10.20.30.40) on ports 80/443. When I connect via VPN client, this rule is being hit.</SPAN></P> <P class="isSelectedEnd"><SPAN>I checked under </SPAN><STRONG><SPAN>Global Properties &gt; Firewall</SPAN></STRONG><SPAN>, and I see the option:</SPAN><BR /><SPAN>“Accept Remote Access control connections”, which allows Remote Access VPN clients to connect to the Security Gateways.</SPAN></P> <P><SPAN>My question is: can I safely disable this rule, or is it better to verify something else before doing so?</SPAN></P> Mon, 27 Apr 2026 09:49:48 GMT RemoteUser 2026-04-27T09:49:48Z https://community.checkpoint.com/t5/General-Topics/Clarification-on-Rule-for-Remote-Access-Connections/m-p/276114#M46090 <P class="isSelectedEnd"><SPAN>Hi Mates,</SPAN></P> <P class="isSelectedEnd"><SPAN>I have a question regarding a configuration I noticed on the customer environment.</SPAN></P> <P class="isSelectedEnd"><SPAN>There is an open rule allowing traffic from </SPAN><STRONG><SPAN>Any</SPAN></STRONG><SPAN> to the cluster object (IP 10.20.30.40) on ports 80/443. When I connect via VPN client, this rule is being hit.</SPAN></P> <P class="isSelectedEnd"><SPAN>I checked under </SPAN><STRONG><SPAN>Global Properties &gt; Firewall</SPAN></STRONG><SPAN>, and I see the option:</SPAN><BR /><SPAN>“Accept Remote Access control connections”, which allows Remote Access VPN clients to connect to the Security Gateways.</SPAN></P> <P><SPAN>My question is: can I safely disable this rule, or is it better to verify something else before doing so?</SPAN></P> Mon, 27 Apr 2026 09:49:48 GMT https://community.checkpoint.com/t5/General-Topics/Clarification-on-Rule-for-Remote-Access-Connections/m-p/276114#M46090 RemoteUser 2026-04-27T09:49:48Z https://community.checkpoint.com/t5/General-Topics/Clarification-on-Rule-for-Remote-Access-Connections/m-p/276157#M46095 <P>To clarify which rule are you considering disabling the configured rule or the global properties option?</P> <P>sk180808 / sk105740 / <SPAN>sk60773&nbsp;</SPAN>often come up in discussion relating to similar.</P> <P>&nbsp;</P> Tue, 28 Apr 2026 10:58:04 GMT https://community.checkpoint.com/t5/General-Topics/Clarification-on-Rule-for-Remote-Access-Connections/m-p/276157#M46095 Chris_Atkinson 2026-04-28T10:58:04Z https://community.checkpoint.com/t5/General-Topics/Clarification-on-Rule-for-Remote-Access-Connections/m-p/276293#M46112 <P>Hi&nbsp;<a href="https://community.checkpoint.com/t5/user/viewprofilepage/user-id/3630">@Chris_Atkinson</a></P> <P class="isSelectedEnd"><SPAN>Yes, I need to disable an explicit rule in the rule base (src: Any → dst: cluster object → services: 80/443 → action: Accept).</SPAN></P> <P class="isSelectedEnd"><SPAN>When I connect using the VPN client, I can see that my public IP matches this rule (443). I haven’t changed anything in the Global Properties options.</SPAN><BR /><BR /></P> Thu, 30 Apr 2026 06:19:48 GMT https://community.checkpoint.com/t5/General-Topics/Clarification-on-Rule-for-Remote-Access-Connections/m-p/276293#M46112 RemoteUser 2026-04-30T06:19:48Z