https://community.checkpoint.com/t5/Spark-Firewall-SMB/Centrally-Managed-Remote-Access-VPN-with-Embedded-Gaia/m-p/3857#M35 <HTML><HEAD></HEAD><BODY><P>Just to clarify the question: are you using the 1200Rs as Remote Access Clients to a central location or are trying to access resources behind the 1200R with Remote Access Clients? More information about the type of configuration you're hoping to achieve will be helpful in providing you the right guidance.</P></BODY></HTML> Sun, 02 Jul 2017 17:31:40 GMT PhoneBoy 2017-07-02T17:31:40Z https://community.checkpoint.com/t5/Spark-Firewall-SMB/Centrally-Managed-Remote-Access-VPN-with-Embedded-Gaia/m-p/3855#M33 <HTML><HEAD></HEAD><BODY><P>Has anyone done this and want to share their setup? We have MANY 1200Rs we are going to be deploying and want to do a remote access VPN that uses AD groups for access. Just any clues on remote access VPN with central management on embedded GAIA would be a start. We are at a loss on getting this setup.</P></BODY></HTML> Sun, 02 Jul 2017 01:57:39 GMT https://community.checkpoint.com/t5/Spark-Firewall-SMB/Centrally-Managed-Remote-Access-VPN-with-Embedded-Gaia/m-p/3855#M33 Heath 2017-07-02T01:57:39Z https://community.checkpoint.com/t5/Spark-Firewall-SMB/Centrally-Managed-Remote-Access-VPN-with-Embedded-Gaia/m-p/3856#M34 <HTML><HEAD></HEAD><BODY><P>Want to add that our environment is R77.30.</P></BODY></HTML> Sun, 02 Jul 2017 01:59:45 GMT https://community.checkpoint.com/t5/Spark-Firewall-SMB/Centrally-Managed-Remote-Access-VPN-with-Embedded-Gaia/m-p/3856#M34 Heath 2017-07-02T01:59:45Z https://community.checkpoint.com/t5/Spark-Firewall-SMB/Centrally-Managed-Remote-Access-VPN-with-Embedded-Gaia/m-p/3857#M35 <HTML><HEAD></HEAD><BODY><P>Just to clarify the question: are you using the 1200Rs as Remote Access Clients to a central location or are trying to access resources behind the 1200R with Remote Access Clients? More information about the type of configuration you're hoping to achieve will be helpful in providing you the right guidance.</P></BODY></HTML> Sun, 02 Jul 2017 17:31:40 GMT https://community.checkpoint.com/t5/Spark-Firewall-SMB/Centrally-Managed-Remote-Access-VPN-with-Embedded-Gaia/m-p/3857#M35 PhoneBoy 2017-07-02T17:31:40Z https://community.checkpoint.com/t5/Spark-Firewall-SMB/Centrally-Managed-Remote-Access-VPN-with-Embedded-Gaia/m-p/3858#M36 <HTML><HEAD></HEAD><BODY><P>Thanks for the quick reply Dameon. We will be accessing devices/subnets on the LAN side of the 1200Rs and the 1200Rs will be edge devices to which we would like to terminate the remote access. I've looked through the documentation specifically for the 1200Rs and the VPN setup for a centrally managed embedded device is very sparse...</P></BODY></HTML> Mon, 03 Jul 2017 00:58:18 GMT https://community.checkpoint.com/t5/Spark-Firewall-SMB/Centrally-Managed-Remote-Access-VPN-with-Embedded-Gaia/m-p/3858#M36 Heath 2017-07-03T00:58:18Z https://community.checkpoint.com/t5/Spark-Firewall-SMB/Centrally-Managed-Remote-Access-VPN-with-Embedded-Gaia/m-p/3859#M37 <HTML><HEAD></HEAD><BODY><P>The reason documentation is sparse specifically for the 1200R in this instance is that, when the 1200R is centrally managed, it's treated like any other Check Point gateway running R77.20 (with some limitations).</P><P>The one limitation relevant to this specific use case is that the Mobile Access Web Portal is not available on the 1200R (or any of the SMB appliances for that matter).</P><P></P><P>The general VPN documentation for R77.x, which covers Remote Access, is here:&nbsp;<A class="link-titled" href="https://sc1.checkpoint.com/documents/R77/CP_R77_VPN_AdminGuide/html_frameset.htm" title="https://sc1.checkpoint.com/documents/R77/CP_R77_VPN_AdminGuide/html_frameset.htm">https://sc1.checkpoint.com/documents/R77/CP_R77_VPN_AdminGuide/html_frameset.htm</A>&nbsp;</P><P></P><P>For each 1200R you will need to have an encryption domain defined.</P><P>Each 1200R you want to access resources behind should have unique IP space behind it (not used behind other gateways).</P><P>Each 1200R would be added to the Remote Access VPN community.</P><P></P><P>Hope that's enough to get you started.</P></BODY></HTML> Mon, 03 Jul 2017 04:52:42 GMT https://community.checkpoint.com/t5/Spark-Firewall-SMB/Centrally-Managed-Remote-Access-VPN-with-Embedded-Gaia/m-p/3859#M37 PhoneBoy 2017-07-03T04:52:42Z https://community.checkpoint.com/t5/Spark-Firewall-SMB/Centrally-Managed-Remote-Access-VPN-with-Embedded-Gaia/m-p/3860#M38 <HTML><HEAD></HEAD><BODY><P>Check <A href="https://supportcenter.checkpoint.com/supportcenter/portal?eventSubmit_doGoviewsolutiondetails=&amp;solutionid=sk118796&amp;partition=Advanced&amp;product=Small">sk118796</A>&nbsp;to see if you get the "kfunc not supported error".&nbsp;It helped me to get Remote Access working in a 1470.</P><P></P><P>Just configure a rule as you would for&nbsp;normal internal traffic and DO NOT add the Remote_Access community to it, just leave community field blank.</P></BODY></HTML> Tue, 25 Jul 2017 21:02:05 GMT https://community.checkpoint.com/t5/Spark-Firewall-SMB/Centrally-Managed-Remote-Access-VPN-with-Embedded-Gaia/m-p/3860#M38 Pedro_Espindola 2017-07-25T21:02:05Z