https://community.checkpoint.com/t5/SASE-and-Remote-Access/Route-VPN-users-through-gateway-for-specific-external-sites-only/m-p/116569#M8814 <P>Good day everyone,</P><P>&nbsp; &nbsp;Hope everybody is keeping safe and healthy.</P><P>&nbsp; &nbsp;So aside from access to our internal systems, our users also need access to external sites for research. These sites restrict access to our campus public IPs, so somehow i need to add specific routes on the VPN client side to do this.</P><P>&nbsp; &nbsp; Can anyone point me to the right documentation? i've added external sites to the VPN domain(even though i'm not sure if this is wise). i've checked that routes indeed have been added to the client's routing table, and i've verified that traffic from VPN client -&gt; external site is being allowed through...but it still doesn't work. Is there anything else i need to check/do ?</P><P>&nbsp; &nbsp; &nbsp;Thanks</P><P>&nbsp;</P><P>&nbsp; &nbsp;&nbsp;</P><P>&nbsp; &nbsp;</P> Wed, 21 Apr 2021 23:57:54 GMT albertcuy 2021-04-21T23:57:54Z https://community.checkpoint.com/t5/SASE-and-Remote-Access/Route-VPN-users-through-gateway-for-specific-external-sites-only/m-p/116569#M8814 <P>Good day everyone,</P><P>&nbsp; &nbsp;Hope everybody is keeping safe and healthy.</P><P>&nbsp; &nbsp;So aside from access to our internal systems, our users also need access to external sites for research. These sites restrict access to our campus public IPs, so somehow i need to add specific routes on the VPN client side to do this.</P><P>&nbsp; &nbsp; Can anyone point me to the right documentation? i've added external sites to the VPN domain(even though i'm not sure if this is wise). i've checked that routes indeed have been added to the client's routing table, and i've verified that traffic from VPN client -&gt; external site is being allowed through...but it still doesn't work. Is there anything else i need to check/do ?</P><P>&nbsp; &nbsp; &nbsp;Thanks</P><P>&nbsp;</P><P>&nbsp; &nbsp;&nbsp;</P><P>&nbsp; &nbsp;</P> Wed, 21 Apr 2021 23:57:54 GMT https://community.checkpoint.com/t5/SASE-and-Remote-Access/Route-VPN-users-through-gateway-for-specific-external-sites-only/m-p/116569#M8814 albertcuy 2021-04-21T23:57:54Z https://community.checkpoint.com/t5/SASE-and-Remote-Access/Route-VPN-users-through-gateway-for-specific-external-sites-only/m-p/116575#M8815 <P>I presume you need some NAT rules in place for this.<BR />Have you configured that?</P> Thu, 22 Apr 2021 05:26:01 GMT https://community.checkpoint.com/t5/SASE-and-Remote-Access/Route-VPN-users-through-gateway-for-specific-external-sites-only/m-p/116575#M8815 PhoneBoy 2021-04-22T05:26:01Z https://community.checkpoint.com/t5/SASE-and-Remote-Access/Route-VPN-users-through-gateway-for-specific-external-sites-only/m-p/116578#M8816 <P>Yes sir. i enabled the automatic NAT rules for the whole VPN subnet. But i don't see the NAT'ing in the logs.</P> Thu, 22 Apr 2021 06:02:58 GMT https://community.checkpoint.com/t5/SASE-and-Remote-Access/Route-VPN-users-through-gateway-for-specific-external-sites-only/m-p/116578#M8816 albertcuy 2021-04-22T06:02:58Z https://community.checkpoint.com/t5/SASE-and-Remote-Access/Route-VPN-users-through-gateway-for-specific-external-sites-only/m-p/116584#M8817 <P>I presume you did it this way:</P> <P>Configure NAT for the Office Mode network:</P> <OL type="A"> <LI>In SmartDashboard, open the Office Mode network properties.</LI> <LI>Go to "<EM><STRONG>NAT</STRONG></EM>" tab.</LI> <LI>Check the box "<EM><STRONG>Add Automatic Address Translation rules</STRONG></EM>".</LI> <LI>In "<EM><STRONG>Translation method</STRONG></EM>" field, select "<EM><STRONG>Hide</STRONG></EM>" and then select "<EM><STRONG>Hide behind Gateway</STRONG></EM>".</LI> <LI>Click on 'OK'.</LI> </OL> Thu, 22 Apr 2021 06:33:14 GMT https://community.checkpoint.com/t5/SASE-and-Remote-Access/Route-VPN-users-through-gateway-for-specific-external-sites-only/m-p/116584#M8817 PhoneBoy 2021-04-22T06:33:14Z https://community.checkpoint.com/t5/SASE-and-Remote-Access/Route-VPN-users-through-gateway-for-specific-external-sites-only/m-p/116586#M8818 <P>Yes sir, exactly like that <span class="lia-unicode-emoji" title=":grinning_face:">😀</span></P> Thu, 22 Apr 2021 06:36:15 GMT https://community.checkpoint.com/t5/SASE-and-Remote-Access/Route-VPN-users-through-gateway-for-specific-external-sites-only/m-p/116586#M8818 albertcuy 2021-04-22T06:36:15Z https://community.checkpoint.com/t5/SASE-and-Remote-Access/Route-VPN-users-through-gateway-for-specific-external-sites-only/m-p/116587#M8819 <P>What version/JHF level?<BR />Seems like it might be a bug since many customers use a similar configuration (albeit using "Route All Traffic").</P> Thu, 22 Apr 2021 06:38:23 GMT https://community.checkpoint.com/t5/SASE-and-Remote-Access/Route-VPN-users-through-gateway-for-specific-external-sites-only/m-p/116587#M8819 PhoneBoy 2021-04-22T06:38:23Z