This website uses Cookies. Click Accept to agree to our website's cookie use as described in our Privacy Policy. Click Preferences to customize your cookie settings.
Accept
Reject
Preferences
ABOUT CHECKMATES CYBER SECURITY COMMUNITY & FAQ
Create a Post
Help
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

Are you a member of CheckMates?

×
Sign in with your Check Point UserCenter/PartnerMap account to access more great content and get a chance to win some Apple AirPods! If you don't have an account, create one now for free!
Blason_R
Leader
Leader
‎2019-01-07 09:36 AM

Legacy Remote access solution with R80.10

Hi Guys,

Again converting legacy policies to R80.10; here is one more issue would like to discuss. Previously I had legacy user access Remote Access VPN Solution [EPM].

Then edited the policy and ticked the Application Blade.

When tried installing policy it threw an error about legacy user access group which was used for Remote VPN. Hence I created access role and added those groups in the rule.

Now policy installation was successful and even users were getting connected however one issue I faced was even though ports were allowed in the same rule. Traffic was dropping for Office mode client IPs to destination IPs which were present in the rule and it was dropping at the clean up rule.

Any clue why? Then I again reverted the changes and it started working fine.

Like

Rule#56

Source - RDPusers@Any

Dest - RDP_10.10.10.10

Service - TCP_3389

Action - Accept

Rule#80

Any
Any

Drop

So traffic was dropping at Rule#80 when Rule#56 was converted to

Source - Access_Role_RDPUsers

Dest - RDP_10.10.10.10

Service - TCP_3389

Action - Accept

Thanks and Regards,
Blason R
CCSA,CCSE,CCCS
3 Replies
Vladimir
Champion
Champion
‎2019-01-07 10:57 AM

If you had a VPN community in the rule with access roles, this may have caused the drops, provided you were using "Unified Access Policy".

Blason_R
Leader
Leader
‎2019-01-07 05:41 PM
In response to Vladimir

That is applicable to end point VPN as well? Or only for mobile access policy? Yes I have community in the rule base.

What should be done in that case?

Thanks and Regards,
Blason R
CCSA,CCSE,CCCS
Vladimir
Champion
Champion
‎2019-01-07 08:57 PM
In response to Blason_R

My understanding is that "Mobile Access Policy" is covering all remote access means and is run either in Legacy or Inline modes.

This is the example of the policy I was using in one of my labs with Mobile Access layer:

With Access Roles configured according to your client of preference and the VPN column set to Any.

Leaderboard

Epsum factorial non deposit quid pro quo hic escorol.

View All ≫
Upcoming Events

    Sort by:
    CheckMates Events