https://community.checkpoint.com/t5/SASE-and-Remote-Access/How-route-all-traffic-through-gateway-on-a-per-user-basis/m-p/191162#M4583 <P>Is there a way on Quantum Spark 1590 to route all internet traffic through the gateway on a per user basis for remote access VPN users? I know the setting "Route internet traffic from connected clients through this gateway" but that seems to apply to all users unless they're using SNX or SecuRemote to login which are not supported in Office Mode.</P><P>E.g. User A should get access to our internal network but all his external traffic should keep using his ISP/network (split tunnel). The traffic of user B however should completely be routed through our gateway because some external services that need to be accesses are restricted to our office IP.</P><P>For security reasons the final decision/setting if a user is allowed to route all traffic through our gateway needs to be in the Quantum Spark appliance.</P><P>Remote access VPN users will use Windows (Checkpoint Remote Capsule VPN if possible) and Linux (how?) to login.</P> Wed, 30 Aug 2023 20:53:26 GMT LukeM 2023-08-30T20:53:26Z https://community.checkpoint.com/t5/SASE-and-Remote-Access/How-route-all-traffic-through-gateway-on-a-per-user-basis/m-p/191162#M4583 <P>Is there a way on Quantum Spark 1590 to route all internet traffic through the gateway on a per user basis for remote access VPN users? I know the setting "Route internet traffic from connected clients through this gateway" but that seems to apply to all users unless they're using SNX or SecuRemote to login which are not supported in Office Mode.</P><P>E.g. User A should get access to our internal network but all his external traffic should keep using his ISP/network (split tunnel). The traffic of user B however should completely be routed through our gateway because some external services that need to be accesses are restricted to our office IP.</P><P>For security reasons the final decision/setting if a user is allowed to route all traffic through our gateway needs to be in the Quantum Spark appliance.</P><P>Remote access VPN users will use Windows (Checkpoint Remote Capsule VPN if possible) and Linux (how?) to login.</P> Wed, 30 Aug 2023 20:53:26 GMT https://community.checkpoint.com/t5/SASE-and-Remote-Access/How-route-all-traffic-through-gateway-on-a-per-user-basis/m-p/191162#M4583 LukeM 2023-08-30T20:53:26Z https://community.checkpoint.com/t5/SASE-and-Remote-Access/How-route-all-traffic-through-gateway-on-a-per-user-basis/m-p/191173#M4584 <P>We can do it per LDAP group on regular (non-SMB) gateways:&nbsp;<A href="https://support.checkpoint.com/results/sk/sk114882" target="_blank">https://support.checkpoint.com/results/sk/sk114882</A><BR />It's not clear if this is also supported on SMB appliances or not.</P> Thu, 31 Aug 2023 01:37:57 GMT https://community.checkpoint.com/t5/SASE-and-Remote-Access/How-route-all-traffic-through-gateway-on-a-per-user-basis/m-p/191173#M4584 PhoneBoy 2023-08-31T01:37:57Z https://community.checkpoint.com/t5/SASE-and-Remote-Access/How-route-all-traffic-through-gateway-on-a-per-user-basis/m-p/191180#M4585 <P>I'm relatively new to the Checkpoint ecosystem, how do I know if I have a regular or SMB gateway or are the Quantum Sparks 1590 per se SMB gateways?</P><P>Currently we don't use LDAP.</P> Thu, 31 Aug 2023 02:31:48 GMT https://community.checkpoint.com/t5/SASE-and-Remote-Access/How-route-all-traffic-through-gateway-on-a-per-user-basis/m-p/191180#M4585 LukeM 2023-08-31T02:31:48Z https://community.checkpoint.com/t5/SASE-and-Remote-Access/How-route-all-traffic-through-gateway-on-a-per-user-basis/m-p/191241#M4586 <P>Quantum Spark appliances are SMB.<BR />Unfortunately there is not a per-user setting for this.</P> Thu, 31 Aug 2023 14:33:45 GMT https://community.checkpoint.com/t5/SASE-and-Remote-Access/How-route-all-traffic-through-gateway-on-a-per-user-basis/m-p/191241#M4586 PhoneBoy 2023-08-31T14:33:45Z