https://community.checkpoint.com/t5/SASE-and-Remote-Access/Routes-distribution-throught-vpn-ssl-extender/m-p/75775#M11422 <P>Hi all,</P><P>I'm not sure if this request has been already done,if so please let me know where I can find it.</P><P>Well here is my situation, I've configured a VPN ssl extender and everything is working fine, endpoints are receiving the ip address that I've established but when I type a route print on the endpoint I see that they're receiving some network ranges from my checkpoint and those are the network ranges that the checkpoint has connected. With this said I have two questions:</P><P>1- How can I avoid the checkpoint sends those networks to the endpoints?</P><P>2- How can I propagate the ip address ranges needed to the endpoint's routing tables ?&nbsp;</P><P>I've looking around and I've found nothing,&nbsp;</P><P>I'm using the SmartConsole R80.20 to configure everything and my checkpoint is 5000 serie.</P><P>Any help would be appreciated.</P> Wed, 19 Feb 2020 16:20:44 GMT titoabidan 2020-02-19T16:20:44Z https://community.checkpoint.com/t5/SASE-and-Remote-Access/Routes-distribution-throught-vpn-ssl-extender/m-p/75775#M11422 <P>Hi all,</P><P>I'm not sure if this request has been already done,if so please let me know where I can find it.</P><P>Well here is my situation, I've configured a VPN ssl extender and everything is working fine, endpoints are receiving the ip address that I've established but when I type a route print on the endpoint I see that they're receiving some network ranges from my checkpoint and those are the network ranges that the checkpoint has connected. With this said I have two questions:</P><P>1- How can I avoid the checkpoint sends those networks to the endpoints?</P><P>2- How can I propagate the ip address ranges needed to the endpoint's routing tables ?&nbsp;</P><P>I've looking around and I've found nothing,&nbsp;</P><P>I'm using the SmartConsole R80.20 to configure everything and my checkpoint is 5000 serie.</P><P>Any help would be appreciated.</P> Wed, 19 Feb 2020 16:20:44 GMT https://community.checkpoint.com/t5/SASE-and-Remote-Access/Routes-distribution-throught-vpn-ssl-extender/m-p/75775#M11422 titoabidan 2020-02-19T16:20:44Z https://community.checkpoint.com/t5/SASE-and-Remote-Access/Routes-distribution-throught-vpn-ssl-extender/m-p/75821#M11423 The routes sent to the client are a function of the encryption domain you've configured in your gateway object.<BR />To control that, modify the encryption domain accordingly.<BR />If you need the encryption domain to contain those networks for site-to-site VPNs, then you will need to use appropriate rules to prevent access to those networks.<BR />Unfortunately routes for those networks will still show on the client. Thu, 20 Feb 2020 05:20:01 GMT https://community.checkpoint.com/t5/SASE-and-Remote-Access/Routes-distribution-throught-vpn-ssl-extender/m-p/75821#M11423 PhoneBoy 2020-02-20T05:20:01Z https://community.checkpoint.com/t5/SASE-and-Remote-Access/Routes-distribution-throught-vpn-ssl-extender/m-p/75911#M11424 <P>Thank you so much for replying Phoneboy, I'll be checking that out and see how that works.</P> Thu, 20 Feb 2020 15:44:07 GMT https://community.checkpoint.com/t5/SASE-and-Remote-Access/Routes-distribution-throught-vpn-ssl-extender/m-p/75911#M11424 titoabidan 2020-02-20T15:44:07Z https://community.checkpoint.com/t5/SASE-and-Remote-Access/Routes-distribution-throught-vpn-ssl-extender/m-p/75932#M11425 <P>You can have two encryption domains on the gateway, one for the site 2 site VPN and another one for remote access.</P> <P>With this extra remote access encryption domain you can define different networks ( shown as routes on the client ) for your ssl extender clients.</P> <P>Wolfgang</P> Thu, 20 Feb 2020 19:42:43 GMT https://community.checkpoint.com/t5/SASE-and-Remote-Access/Routes-distribution-throught-vpn-ssl-extender/m-p/75932#M11425 Wolfgang 2020-02-20T19:42:43Z