https://community.checkpoint.com/t5/SASE-and-Remote-Access/SDL-with-location-awareness/m-p/128015#M8125 <P>I am working on a specific requirement with Endpoint security VPN E84.40 clients. I read the admin guide in order to enable SDL and location awareness (Global properties&gt;Endpoint connect). It contains a group with our internal IP addresses.</P><P>SDL is enabled on the client. Now when these users connect over an external network the SDL pops up which is good. But when the user comes into office the client pops up to connect on VPN again, as I understand client need to recognize that host is in a internal network and give a bypass on VPN client.</P><P>&nbsp;</P><P>I have a network with many locations linked by MPLS links and this problem happens just in locations connected on my Datacenter by MPLS, when I connect directly on my LAN on my DataCenter it no happen.</P><P>&nbsp;</P><P>I raised a ticket with CP TAC and receive the answer that is necessary to be connected directly on the same network than my gateway, but it is not clear for me, because my locations is connected by MPLS but have access to firewall directly.</P><P>&nbsp;</P><P>Maybe there is a configuration missing in some point.</P> Wed, 25 Aug 2021 21:18:52 GMT rlamerico 2021-08-25T21:18:52Z https://community.checkpoint.com/t5/SASE-and-Remote-Access/SDL-with-location-awareness/m-p/128015#M8125 <P>I am working on a specific requirement with Endpoint security VPN E84.40 clients. I read the admin guide in order to enable SDL and location awareness (Global properties&gt;Endpoint connect). It contains a group with our internal IP addresses.</P><P>SDL is enabled on the client. Now when these users connect over an external network the SDL pops up which is good. But when the user comes into office the client pops up to connect on VPN again, as I understand client need to recognize that host is in a internal network and give a bypass on VPN client.</P><P>&nbsp;</P><P>I have a network with many locations linked by MPLS links and this problem happens just in locations connected on my Datacenter by MPLS, when I connect directly on my LAN on my DataCenter it no happen.</P><P>&nbsp;</P><P>I raised a ticket with CP TAC and receive the answer that is necessary to be connected directly on the same network than my gateway, but it is not clear for me, because my locations is connected by MPLS but have access to firewall directly.</P><P>&nbsp;</P><P>Maybe there is a configuration missing in some point.</P> Wed, 25 Aug 2021 21:18:52 GMT https://community.checkpoint.com/t5/SASE-and-Remote-Access/SDL-with-location-awareness/m-p/128015#M8125 rlamerico 2021-08-25T21:18:52Z https://community.checkpoint.com/t5/SASE-and-Remote-Access/SDL-with-location-awareness/m-p/128016#M8126 <P>What settings are you using?</P> Wed, 25 Aug 2021 21:26:04 GMT https://community.checkpoint.com/t5/SASE-and-Remote-Access/SDL-with-location-awareness/m-p/128016#M8126 PhoneBoy 2021-08-25T21:26:04Z https://community.checkpoint.com/t5/SASE-and-Remote-Access/SDL-with-location-awareness/m-p/128286#M8127 <P>Hi PhoneBoy,<BR /><BR />I have enabled the SDL on my client and configure "network location awareness" with my network range 10.0.0.0/8.<BR /><BR /><span class="lia-inline-image-display-wrapper lia-image-align-center" image-alt="Screenshot_223.png" style="width: 920px;"><img src="https://community.checkpoint.com/t5/image/serverpage/image-id/13563iDC65A0F5E1229AB1/image-size/large?v=v2&amp;px=999" role="button" title="Screenshot_223.png" alt="Screenshot_223.png" /></span></P><P>&nbsp;</P> Sat, 28 Aug 2021 17:44:58 GMT https://community.checkpoint.com/t5/SASE-and-Remote-Access/SDL-with-location-awareness/m-p/128286#M8127 rlamerico 2021-08-28T17:44:58Z https://community.checkpoint.com/t5/SASE-and-Remote-Access/SDL-with-location-awareness/m-p/128292#M8128 <P>In the remote sites, it is connecting to the gateway via the internal interface or via the external interface?</P> Sun, 29 Aug 2021 00:10:09 GMT https://community.checkpoint.com/t5/SASE-and-Remote-Access/SDL-with-location-awareness/m-p/128292#M8128 PhoneBoy 2021-08-29T00:10:09Z https://community.checkpoint.com/t5/SASE-and-Remote-Access/SDL-with-location-awareness/m-p/128364#M8129 <P>Hi PhoneBoy,<BR />In remote sites, we have an MPLS connecting with my DataCenter, in this case we are connecting with the internal interface, but I don´t have a specific configuration for that, on my client, I just configure my external IP when creating a profile.</P><P>The only configuration that I have to inform what is my internal LAN is on "location awareness".</P><P>&nbsp;</P> Mon, 30 Aug 2021 14:45:16 GMT https://community.checkpoint.com/t5/SASE-and-Remote-Access/SDL-with-location-awareness/m-p/128364#M8129 rlamerico 2021-08-30T14:45:16Z https://community.checkpoint.com/t5/SASE-and-Remote-Access/SDL-with-location-awareness/m-p/128374#M8130 <P>Have you confirmed traffic to the gateway's external IP is in fact traversing the MPLS?</P> Mon, 30 Aug 2021 15:16:57 GMT https://community.checkpoint.com/t5/SASE-and-Remote-Access/SDL-with-location-awareness/m-p/128374#M8130 PhoneBoy 2021-08-30T15:16:57Z https://community.checkpoint.com/t5/SASE-and-Remote-Access/SDL-with-location-awareness/m-p/128401#M8131 <P>Yes, in this case, the client can´t reach the gateway´s external IP and it is correct because he is on my LAN, in my mind the client when connected on the first time on VPN need to receive the topology and the information about my internal range and based on this information don´t request to connect when receive one ip from my internal range.</P> Tue, 31 Aug 2021 02:38:01 GMT https://community.checkpoint.com/t5/SASE-and-Remote-Access/SDL-with-location-awareness/m-p/128401#M8131 rlamerico 2021-08-31T02:38:01Z