topic Initiate from Internal (server) traffic to SSL VPN (RA) users traffic flow - R80.20 in SASE and Remote Access https://community.checkpoint.com/t5/SASE-and-Remote-Access/Initiate-from-Internal-server-traffic-to-SSL-VPN-RA-users/m-p/87587#M10268 <P>Hi all,</P><P>I will keep this as simple as possible.</P><P>An internal network segment has a specific host that scan the internal network(s) continuously for any threats.</P><P>&nbsp;</P><P>With the (new) current scenario the work force are now 100% remote and connects using SSL VPN.&nbsp; Access from the end-user via SSL VPN is not a problem and split-tunnelling is in use.&nbsp;&nbsp;</P><P>With the order of processing and the way Checkpoint FW's deal with internal traffic to SSL VPN traffic, should I expect that the same 'scanning host' should reach the SSL VPN users if there is any to any policy rule in place for just the scanning host as an object(scanHost_object) and the vpn users (ra_object) as part of a troubleshooting session.</P><P>The FW engineers I'm working with could not answer me in terms of whether the Checkpoint would need any 'special' considerations in terms of traffic being initiated from the internal network(s) to RA SSL VPN users.</P><P>Any guidance/advise would be appreciated.</P><P>Regards,</P><P>Johann</P><P>&nbsp;</P><P>&nbsp;</P><P>&nbsp;</P><P>&nbsp;</P><P>&nbsp;</P> Mon, 08 Jun 2020 09:39:12 GMT johannsmith 2020-06-08T09:39:12Z Initiate from Internal (server) traffic to SSL VPN (RA) users traffic flow - R80.20 https://community.checkpoint.com/t5/SASE-and-Remote-Access/Initiate-from-Internal-server-traffic-to-SSL-VPN-RA-users/m-p/87587#M10268 <P>Hi all,</P><P>I will keep this as simple as possible.</P><P>An internal network segment has a specific host that scan the internal network(s) continuously for any threats.</P><P>&nbsp;</P><P>With the (new) current scenario the work force are now 100% remote and connects using SSL VPN.&nbsp; Access from the end-user via SSL VPN is not a problem and split-tunnelling is in use.&nbsp;&nbsp;</P><P>With the order of processing and the way Checkpoint FW's deal with internal traffic to SSL VPN traffic, should I expect that the same 'scanning host' should reach the SSL VPN users if there is any to any policy rule in place for just the scanning host as an object(scanHost_object) and the vpn users (ra_object) as part of a troubleshooting session.</P><P>The FW engineers I'm working with could not answer me in terms of whether the Checkpoint would need any 'special' considerations in terms of traffic being initiated from the internal network(s) to RA SSL VPN users.</P><P>Any guidance/advise would be appreciated.</P><P>Regards,</P><P>Johann</P><P>&nbsp;</P><P>&nbsp;</P><P>&nbsp;</P><P>&nbsp;</P><P>&nbsp;</P> Mon, 08 Jun 2020 09:39:12 GMT https://community.checkpoint.com/t5/SASE-and-Remote-Access/Initiate-from-Internal-server-traffic-to-SSL-VPN-RA-users/m-p/87587#M10268 johannsmith 2020-06-08T09:39:12Z Re: Initiate from Internal (server) traffic to SSL VPN (RA) users traffic flow - R80.20 https://community.checkpoint.com/t5/SASE-and-Remote-Access/Initiate-from-Internal-server-traffic-to-SSL-VPN-RA-users/m-p/87990#M10269 In general, yes, this should work (assuming you're using Office Mode).<BR />There may be one other setting in Global Properties that needs to be set for this also. Thu, 11 Jun 2020 03:16:39 GMT https://community.checkpoint.com/t5/SASE-and-Remote-Access/Initiate-from-Internal-server-traffic-to-SSL-VPN-RA-users/m-p/87990#M10269 PhoneBoy 2020-06-11T03:16:39Z