This website uses Cookies. Click Accept to agree to our website's cookie use as described in our Privacy Policy. Click Preferences to customize your cookie settings.
Accept
Reject
Preferences
ABOUT CHECKMATES CYBER SECURITY COMMUNITY & FAQ
Create a Post
Help
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

Are you a member of CheckMates?

×
Sign in with your Check Point UserCenter/PartnerMap account to access more great content and get a chance to win some Apple AirPods! If you don't have an account, create one now for free!
Martin_Raska
Advisor
Advisor
‎2024-09-04 02:44 AM

Full tunnel over SSL VPN/SNX

Hello,

I am seeking advice how to configure Split/Full tunnel per user/user group. The connection to VPN is over SSL portal SNX extender.

Something like this.

FW-A

user group - A : full tunnel, no split tunneling

user group - B : split tunneling only

FW-B

user group - C : full tunnel, no split tunneling

user group - D : split tunneling only

 

environment is Multidomain with VSX and Maestro.

Thanks

0 Kudos
7 Replies
samir-brkic
Participant
‎2024-09-04 03:01 AM

could you please provide more details on the purpose of configuring split/full tunneling per user/user group in your SNX SSL portal setup?


Could you please clarify whether you are using the Unified Access Policy or the Legacy Policy for your SSL rulebase?

Typically, with SNX SSL connections, when using the Legacy Policy, full tunneling may not be necessary as access is restricted to the specific applications allowed in the rulebase. This setup usually ensures that routing is managed according to the applications rather than requiring split or full tunneling.

0 Kudos
Martin_Raska
Advisor
Advisor
‎2024-09-05 01:46 AM
In response to samir-brkic

Purpose is sell it in the same way as other competitors services (PA,FG) whos have solution for that.

(1)
the_rock
MVP Platinum
MVP Platinum
‎2024-09-05 04:18 AM
In response to Martin_Raska

You nailed it with that statement, could not agree more.

Andy

Best,
Andy
0 Kudos
the_rock
MVP Platinum
MVP Platinum
‎2024-09-04 06:11 AM

Last time I asked TAC about it, they said it was not possible/supported.

Andy

Best,
Andy
0 Kudos
PhoneBoy
Admin
Admin
‎2024-09-04 10:31 AM

For the full Endpoint client, you can do something like this: https://support.checkpoint.com/results/sk/sk114882 
Not sure you can do this with SNX, though.

0 Kudos
Martin_Raska
Advisor
Advisor
‎2024-09-05 01:46 AM
In response to PhoneBoy

I thought so.

0 Kudos
OliverBayerlein
Participant
Participant
‎2024-09-10 07:27 AM

Probably there is no full tunnel / hub mode in SNX but you can follow sk32111 Configuring Different Encryption Domains for Different User Groups in SNX and try a "All Internet" Group as Encryption Domain to get a full tunnel for specific user groups.

0 Kudos

Leaderboard

Epsum factorial non deposit quid pro quo hic escorol.

View All ≫
Upcoming Events

    CheckMates Events