topic Re: restricted VPN for Vendor account in SASE and Remote Access

restricted VPN for Vendor account

shawmcbigdis — Wed, 24 Mar 2021 22:08:49 GMT

I'm trying to create a way for a vendor to VPN in and RDP only to the specific machine they need, but I can't seem to find a way. I saw this thread and followed what it says;

https://community.checkpoint.com/t5/Remote-Access-VPN/VPN-Limit-specific-vendors-to-specific-IPs-on-Checkpoint-Vpn/m-p/90697#M3663

But it just lets the user connect via the VPN client, but then can't get anywhere. I got the same results when I tried to create it using a CP Local user.

I currently have the rule setup to allow access to the whole network that the machine is on, and all protocols, but still nothing;

I am fairly new to the Checkpoint, and admittedly do not fully understand the VPN functions yet, so I am sure I am missing something, just not sure what.

Re: restricted VPN for Vendor account

PhoneBoy — Thu, 25 Mar 2021 06:32:50 GMT

Screenshots of precisely what you configured would be helpful.
If you’re using Access Roles as mentioned in that thread, make sure Identity Awareness is configured AND Remote Access is an identity source in the gateway object (it’s not enabled by default).

Re: restricted VPN for Vendor account

shawmcbigdis — Thu, 25 Mar 2021 12:25:49 GMT

The top policy is our existing user VPN, the bottom is the one I am trying to set up for the vendor

Re: restricted VPN for Vendor account

PhoneBoy — Fri, 26 Mar 2021 01:25:15 GMT

The next needed screenshots (with sensitive data redacted) would be:

How the Access Role is defined
What the logs look like when the vendor attempts access