topic Restricting VPN gateway access on the public side in SASE and Remote Access https://community.checkpoint.com/t5/SASE-and-Remote-Access/Restricting-VPN-gateway-access-on-the-public-side/m-p/109618#M9228 <P>Hi there. Is anyone aware of a way to lock down the public facing interface on a VPN gateway (r80.30) so that any traffic that isn’t coming from a very specific version of the Checkpoint Endpoint VPN is simply dropped? So no poking, no probing, etc on ports required to be open in order for VPN to work, unless it’s coming from a legitimate client, and maybe even a specific version of the client.&nbsp;<BR />I’m thinking something similar the the User-agent field in the header of a web request. Maybe just a pipe dream, but I thought I’d ask anyway.&nbsp;</P> Tue, 02 Feb 2021 23:16:51 GMT cdooer 2021-02-02T23:16:51Z Restricting VPN gateway access on the public side https://community.checkpoint.com/t5/SASE-and-Remote-Access/Restricting-VPN-gateway-access-on-the-public-side/m-p/109618#M9228 <P>Hi there. Is anyone aware of a way to lock down the public facing interface on a VPN gateway (r80.30) so that any traffic that isn’t coming from a very specific version of the Checkpoint Endpoint VPN is simply dropped? So no poking, no probing, etc on ports required to be open in order for VPN to work, unless it’s coming from a legitimate client, and maybe even a specific version of the client.&nbsp;<BR />I’m thinking something similar the the User-agent field in the header of a web request. Maybe just a pipe dream, but I thought I’d ask anyway.&nbsp;</P> Tue, 02 Feb 2021 23:16:51 GMT https://community.checkpoint.com/t5/SASE-and-Remote-Access/Restricting-VPN-gateway-access-on-the-public-side/m-p/109618#M9228 cdooer 2021-02-02T23:16:51Z Re: Restricting VPN gateway access on the public side https://community.checkpoint.com/t5/SASE-and-Remote-Access/Restricting-VPN-gateway-access-on-the-public-side/m-p/109628#M9229 <P>This is most likely an RFE.<BR />You might be able to modify various .def files to change the implied rules to restrict access from a specific IP, though.<BR />Will be something you will have to manually track with upgrades, though.</P> Wed, 03 Feb 2021 06:10:25 GMT https://community.checkpoint.com/t5/SASE-and-Remote-Access/Restricting-VPN-gateway-access-on-the-public-side/m-p/109628#M9229 PhoneBoy 2021-02-03T06:10:25Z