topic Re: SSL Network Extender Legacy policy in SASE and Remote Access

SSL Network Extender Legacy policy

Alejandro_Espin — Thu, 03 Jan 2019 00:55:20 GMT

ssl‌ ssl‌

I am trying to configure Mobile Access to establish VPN over SSL; the purpose is that the user that connects through the browser (SSL Network extender) have access to the entire internal network.

At the moment it worked for me only publishing a native application (RDP) but I need it to works as the "Checkpoint Mobile Client", without publishing applications.

By the way, we are on R80, and I think we can only use "Legacy Policy" I mentioned this because if I use "Unified Access Policy" using R80.10 and R80.20 it works.

I tried this mode without success:

Any clue please?

Re: SSL Network Extender Legacy policy

PhoneBoy — Thu, 03 Jan 2019 01:43:39 GMT

Mobile Access Blade does not need to be enabled at all if you just want to use SNX as a VPN client.

You would configure it as if it were IPSec VPN (e.g. make sure the relevant gateway is part of the Remote Access Community and there is a rule permitting access via this community)

Make sure that SNX is enabled here:

And that Visitor Mode is enabled:

Re: SSL Network Extender Legacy policy

Alejandro_Espin — Thu, 03 Jan 2019 03:22:39 GMT

Thank you so much Dameon, it works! using a local user.

I have a different issue, I can't log in using RADIUS authentication when I try to connect to VPN with SSL Network Extender. with Checkpoint Mobile client it works fine using RADIUS you think we need to set something else?

Re: SSL Network Extender Legacy policy

PhoneBoy — Thu, 03 Jan 2019 04:22:04 GMT

Error messages?

Re: SSL Network Extender Legacy policy

Alejandro_Espin — Thu, 03 Jan 2019 17:28:18 GMT

Nevermind, I created the user indicating that it will be authenticated by radius and it works properly. Thank you Dameon.

Re: SSL Network Extender Legacy policy

PhoneBoy — Thu, 03 Jan 2019 18:02:55 GMT

Yup, the user record has an authentication method defined in it.

That must be set correctly.