https://community.checkpoint.com/t5/Spark-Firewall-SMB/Admin-access-to-Spark-1555/m-p/249409#M12679 <P>I think there is no way around it. You can only fill in hosts IP's and network ranges.&nbsp;</P> <P>As workaround you could manage the firewall via VPN client. With VPN client you will get an IP from the pool. This pool you can add as VPN range in the access list:</P> <P><SPAN class="MCDropDownHead dropDownHead"><A class="MCDropDownHotSpot dropDownHotspot MCDropDownHotSpot_ MCHotSpotImage" role="button" href="https://sc1.checkpoint.com/documents/SMB_R81.10.X/AdminGuides_Centrally_Managed/EN/Content/Topics/Configuring-Administrator-Access.htm?Highlight=local%20ip#" aria-expanded="true" aria-controls="mc-dropdown-body60280c84-da67-414e-81db-bc50aa019fae" target="_blank">To set the interface sources from which<SPAN>&nbsp;</SPAN><SPAN class="mc-variable Vars_Other.tp_admin variable">administrator</SPAN><SPAN>&nbsp;</SPAN>access is allowed</A></SPAN></P> <DIV id="mc-dropdown-body60280c84-da67-414e-81db-bc50aa019fae" class="MCDropDownBody dropDownBody"> <DIV class="No_Page_Break_Inside"> <P>Select one or more of these options:</P> <UL> <LI> <P><SPAN class="Menu_Options">LAN</SPAN><SPAN>&nbsp;</SPAN>- All internal physical ports</P> </LI> <LI> <P><SPAN class="Menu_Options">Trusted wireless</SPAN><SPAN>&nbsp;</SPAN>- Wireless networks that are allowed access to the LAN by default (only in Wireless Network models.)</P> </LI> <LI> <P><STRONG><SPAN class="Menu_Options">VPN</SPAN>&nbsp;- Uses encrypted traffic through VPN tunnels from a remote site or uses a remote access client</STRONG></P> </LI> <LI> <P><SPAN class="Menu_Options">Internet</SPAN><SPAN>&nbsp;</SPAN>- Clear traffic from the Internet (not recommended to allow access from all<SPAN>&nbsp;</SPAN><SPAN class="SearchHighlight SearchHighlight2">IP</SPAN><SPAN>&nbsp;</SPAN>addresses)</P> </LI> </UL> </DIV> </DIV> Tue, 20 May 2025 17:50:10 GMT Lesley 2025-05-20T17:50:10Z https://community.checkpoint.com/t5/Spark-Firewall-SMB/Admin-access-to-Spark-1555/m-p/249396#M12678 <P>These devices allow you to lock down admin access via the internet to specific IP addresses. The problem is, my IP address is DHCP from the ISP, so can change occasionally. In the security policy I have used a domain object pointing to my domain so the name is resolved from DNS, which is kept up to date automatically by a little docker container, which all works fine. However, the admin access only allows you to add IP addresses, not names that could be resolved.</P><P>Has anyone else had this problem and found a way round it at all?</P> Tue, 20 May 2025 13:54:00 GMT https://community.checkpoint.com/t5/Spark-Firewall-SMB/Admin-access-to-Spark-1555/m-p/249396#M12678 StevePearson 2025-05-20T13:54:00Z https://community.checkpoint.com/t5/Spark-Firewall-SMB/Admin-access-to-Spark-1555/m-p/249409#M12679 <P>I think there is no way around it. You can only fill in hosts IP's and network ranges.&nbsp;</P> <P>As workaround you could manage the firewall via VPN client. With VPN client you will get an IP from the pool. This pool you can add as VPN range in the access list:</P> <P><SPAN class="MCDropDownHead dropDownHead"><A class="MCDropDownHotSpot dropDownHotspot MCDropDownHotSpot_ MCHotSpotImage" role="button" href="https://sc1.checkpoint.com/documents/SMB_R81.10.X/AdminGuides_Centrally_Managed/EN/Content/Topics/Configuring-Administrator-Access.htm?Highlight=local%20ip#" aria-expanded="true" aria-controls="mc-dropdown-body60280c84-da67-414e-81db-bc50aa019fae" target="_blank">To set the interface sources from which<SPAN>&nbsp;</SPAN><SPAN class="mc-variable Vars_Other.tp_admin variable">administrator</SPAN><SPAN>&nbsp;</SPAN>access is allowed</A></SPAN></P> <DIV id="mc-dropdown-body60280c84-da67-414e-81db-bc50aa019fae" class="MCDropDownBody dropDownBody"> <DIV class="No_Page_Break_Inside"> <P>Select one or more of these options:</P> <UL> <LI> <P><SPAN class="Menu_Options">LAN</SPAN><SPAN>&nbsp;</SPAN>- All internal physical ports</P> </LI> <LI> <P><SPAN class="Menu_Options">Trusted wireless</SPAN><SPAN>&nbsp;</SPAN>- Wireless networks that are allowed access to the LAN by default (only in Wireless Network models.)</P> </LI> <LI> <P><STRONG><SPAN class="Menu_Options">VPN</SPAN>&nbsp;- Uses encrypted traffic through VPN tunnels from a remote site or uses a remote access client</STRONG></P> </LI> <LI> <P><SPAN class="Menu_Options">Internet</SPAN><SPAN>&nbsp;</SPAN>- Clear traffic from the Internet (not recommended to allow access from all<SPAN>&nbsp;</SPAN><SPAN class="SearchHighlight SearchHighlight2">IP</SPAN><SPAN>&nbsp;</SPAN>addresses)</P> </LI> </UL> </DIV> </DIV> Tue, 20 May 2025 17:50:10 GMT https://community.checkpoint.com/t5/Spark-Firewall-SMB/Admin-access-to-Spark-1555/m-p/249409#M12679 Lesley 2025-05-20T17:50:10Z https://community.checkpoint.com/t5/Spark-Firewall-SMB/Admin-access-to-Spark-1555/m-p/249414#M12680 <P>As DNS queries can be changed by a man-in-the-midddle, we only allow fixed IPs to be configured for admin access.</P> Tue, 20 May 2025 18:47:55 GMT https://community.checkpoint.com/t5/Spark-Firewall-SMB/Admin-access-to-Spark-1555/m-p/249414#M12680 PhoneBoy 2025-05-20T18:47:55Z https://community.checkpoint.com/t5/Spark-Firewall-SMB/Admin-access-to-Spark-1555/m-p/249478#M12684 <P>Interesting work around thanks!</P> Wed, 21 May 2025 09:56:58 GMT https://community.checkpoint.com/t5/Spark-Firewall-SMB/Admin-access-to-Spark-1555/m-p/249478#M12684 StevePearson 2025-05-21T09:56:58Z