This website uses Cookies. Click Accept to agree to our website's cookie use as described in our Privacy Policy. Click Preferences to customize your cookie settings.
Accept
Reject
Preferences
ABOUT CHECKMATES & FAQ
Create a Post
Help
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

Are you a member of CheckMates?

×
Sign in with your Check Point UserCenter/PartnerMap account to access more great content and get a chance to win some Apple AirPods! If you don't have an account, create one now for free!
kamilazat
Contributor
a week ago

RA clients receive unnecessary routes

Hi mates!

We noticed that RA clients receive the routes from networks that are excluded from VPN community.

1. We followed sk167000 and

    a. Set the value of the "Route all traffic to gateway" parameter to "No".

    b. Created a network object (A) for excluded domain

    c. We created another network object "Group with Exclusions" (B) and excluded the previous network group (A) from it. 

    d. Added a network group with exceptions (B) to the Remote Access Community and enabled Hub Mode.

2. While connecting to the VPN, we noticed that the client is receiving routing information from an excluded network group. 

I understand that the clients will receive all the routes from all the participating gateways, but it feels a little unsecure knowing that any RA client will know about the networks that they are not supposed to.

Is there a way to prevent RA clients to not receive routing from excluded networks?

We are on Maestro R81.10 Take 139. 

Thanks in advance!

0 Kudos
1 Reply
PhoneBoy
Admin
Admin
Monday

Not sure the exclusions prevent the routes from being received by the client.
This should probably be confirmed with TAC. 

0 Kudos

Leaderboard

Epsum factorial non deposit quid pro quo hic escorol.

View All ≫
Upcoming Events

    CheckMates Events