topic routine difference between ssl network extender and mobile client in SASE and Remote Access https://community.checkpoint.com/t5/SASE-and-Remote-Access/routine-difference-between-ssl-network-extender-and-mobile/m-p/151046#M6580 <P>Hi,</P><P>running</P><P>R80.30 Gaia 2.6.18 Jumbo Hotfix Accumulator Security Gateway and Standalone General<BR />Availability (Take 226)</P><P>Client : Windows 10.</P><P>noted something weird. The public ip mentioned underneath is one of our own.&nbsp; It's not in any encryption domain.</P><P>1. Connected using mobile vpn</P><P>A http connection to a specific public ip address works without any problem when using the mobile client.&nbsp; The public ip is routed through the internet.&nbsp; A 'netstat -rn' does not reveal any route forcing it to go through the vpn tunnel.&nbsp; This is expected behaviour.</P><P>2. Connected using portal, and using ssl network extender</P><P>A http connection to a specific public ip address does not work.&nbsp; A closer inspection reveals the packet is routed inside the vpn tunnel, and then ofcourse blocked on one of our firewalls due to "<SPAN>unauthorized ssl vpn traffic".&nbsp; A 'netstat -rn' reveals a route forcing it to go trough the vpn tunnel.</SPAN></P><P>I can't explain the routing behaviour?&nbsp; It's my expectation the routing table should come from the ras vpn domain.&nbsp; And should be the same for both connecting methods?</P> Thu, 16 Jun 2022 11:32:39 GMT pnobels 2022-06-16T11:32:39Z routine difference between ssl network extender and mobile client https://community.checkpoint.com/t5/SASE-and-Remote-Access/routine-difference-between-ssl-network-extender-and-mobile/m-p/151046#M6580 <P>Hi,</P><P>running</P><P>R80.30 Gaia 2.6.18 Jumbo Hotfix Accumulator Security Gateway and Standalone General<BR />Availability (Take 226)</P><P>Client : Windows 10.</P><P>noted something weird. The public ip mentioned underneath is one of our own.&nbsp; It's not in any encryption domain.</P><P>1. Connected using mobile vpn</P><P>A http connection to a specific public ip address works without any problem when using the mobile client.&nbsp; The public ip is routed through the internet.&nbsp; A 'netstat -rn' does not reveal any route forcing it to go through the vpn tunnel.&nbsp; This is expected behaviour.</P><P>2. Connected using portal, and using ssl network extender</P><P>A http connection to a specific public ip address does not work.&nbsp; A closer inspection reveals the packet is routed inside the vpn tunnel, and then ofcourse blocked on one of our firewalls due to "<SPAN>unauthorized ssl vpn traffic".&nbsp; A 'netstat -rn' reveals a route forcing it to go trough the vpn tunnel.</SPAN></P><P>I can't explain the routing behaviour?&nbsp; It's my expectation the routing table should come from the ras vpn domain.&nbsp; And should be the same for both connecting methods?</P> Thu, 16 Jun 2022 11:32:39 GMT https://community.checkpoint.com/t5/SASE-and-Remote-Access/routine-difference-between-ssl-network-extender-and-mobile/m-p/151046#M6580 pnobels 2022-06-16T11:32:39Z Re: routine difference between ssl network extender and mobile client https://community.checkpoint.com/t5/SASE-and-Remote-Access/routine-difference-between-ssl-network-extender-and-mobile/m-p/151047#M6581 <P>if I were you, I would run route print on client's machine to see the difference.</P> Thu, 16 Jun 2022 11:35:34 GMT https://community.checkpoint.com/t5/SASE-and-Remote-Access/routine-difference-between-ssl-network-extender-and-mobile/m-p/151047#M6581 the_rock 2022-06-16T11:35:34Z