https://community.checkpoint.com/t5/Mobile/Office-Mode-IP-assignment-by-client-type/m-p/214856#M1147 <P>The others are correct. &nbsp;If you're looking to differentiate traffic by client type, then Access Roles are your answer here. &nbsp;You can define an Access Role object by client type, and use those in your policy.</P> <P>For best results, you can also define an access role for your regular users and again use that in your policy. &nbsp;With this, you can remove the "legacy user access" rule for "Vpn_users@any" in the source column AND you can remove the RemoteAccess community from the VPN column. &nbsp;You will use the access roles to control VPN user traffic; either by your client type roles, or your user-identity roles, or both. &nbsp;Your user identity roles can refer to internal/local user, AD/LDAP users, LDAP OUs, AD security groups.... whatever you need.</P> <P>&nbsp;</P> Mon, 20 May 2024 18:32:53 GMT Duane_Toler 2024-05-20T18:32:53Z https://community.checkpoint.com/t5/Mobile/Office-Mode-IP-assignment-by-client-type/m-p/214818#M1144 <P>Hi CheckMates!<BR /><BR />Is it possible to assign office mode IP addresses by client type?<BR /><BR />For example, Capsule VPN Android users get IP address from one OM pool, SSL Network Extender user from another OM pool, Check Point Mobile users from yet another OM pool, etc.<BR /><SPAN><BR />Regards<BR /></SPAN>rooKing</P><P>&nbsp;</P><P>&nbsp;</P> Mon, 20 May 2024 08:33:01 GMT https://community.checkpoint.com/t5/Mobile/Office-Mode-IP-assignment-by-client-type/m-p/214818#M1144 rooKing 2024-05-20T08:33:01Z https://community.checkpoint.com/t5/Mobile/Office-Mode-IP-assignment-by-client-type/m-p/214844#M1145 <P>Not aware of a way to do this at current.</P> Mon, 20 May 2024 14:39:55 GMT https://community.checkpoint.com/t5/Mobile/Office-Mode-IP-assignment-by-client-type/m-p/214844#M1145 PhoneBoy 2024-05-20T14:39:55Z https://community.checkpoint.com/t5/Mobile/Office-Mode-IP-assignment-by-client-type/m-p/214854#M1146 <P>Im 100% positive you canNOT do that.</P> <P>Andy</P> Mon, 20 May 2024 18:11:06 GMT https://community.checkpoint.com/t5/Mobile/Office-Mode-IP-assignment-by-client-type/m-p/214854#M1146 the_rock 2024-05-20T18:11:06Z https://community.checkpoint.com/t5/Mobile/Office-Mode-IP-assignment-by-client-type/m-p/214856#M1147 <P>The others are correct. &nbsp;If you're looking to differentiate traffic by client type, then Access Roles are your answer here. &nbsp;You can define an Access Role object by client type, and use those in your policy.</P> <P>For best results, you can also define an access role for your regular users and again use that in your policy. &nbsp;With this, you can remove the "legacy user access" rule for "Vpn_users@any" in the source column AND you can remove the RemoteAccess community from the VPN column. &nbsp;You will use the access roles to control VPN user traffic; either by your client type roles, or your user-identity roles, or both. &nbsp;Your user identity roles can refer to internal/local user, AD/LDAP users, LDAP OUs, AD security groups.... whatever you need.</P> <P>&nbsp;</P> Mon, 20 May 2024 18:32:53 GMT https://community.checkpoint.com/t5/Mobile/Office-Mode-IP-assignment-by-client-type/m-p/214856#M1147 Duane_Toler 2024-05-20T18:32:53Z https://community.checkpoint.com/t5/Mobile/Office-Mode-IP-assignment-by-client-type/m-p/214872#M1148 <P>excellent point!</P> Tue, 21 May 2024 07:48:24 GMT https://community.checkpoint.com/t5/Mobile/Office-Mode-IP-assignment-by-client-type/m-p/214872#M1148 the_rock 2024-05-21T07:48:24Z