Assign Office Mode Remote Access clients to a security zone?
Hi, I'm trying to build a policy that makes the switch from network-based to zone-based. I'd like it if the Office Mode clients were in Security Zone "VPNZone," but since they are not associated with an interface, I am not sure if I can do that. Any advice?
Accepted Solutions
Even though you can use security zones with Check Point, you should be aware that Check Point isn't a provider of classic zone-based firewalls. Therefore, using security zones comes with a couple of limitations.
I think I might have a workaround. If I create a rule that allows all traffic from VPN clients and apply that only to the remote access VPN gateway, I can create an interface on the adjacent DMZ gateway, assign that interface to "VPNZone," and then use that zone in policy, as all DMZ-bound traffic from Office Mode clients will be coming in on that interface.
I considered that, but since we have Identity Collectors inside, the Access roles would also match those AD users when not logged in to VPN. We do require VPN for privileged access to resources (SSH, SQL, etc.). Still, that's worth noodling.
Not if you specify a specific VPN client be used as part of the Access Role.