This website uses Cookies. Click Accept to agree to our website's cookie use as described in our Privacy Policy. Click Preferences to customize your cookie settings.
Accept
Reject
Preferences
ABOUT CHECKMATES CYBER SECURITY COMMUNITY & FAQ
Create a Post
Help
cancel
Turn on suggestions
Showing results for 
Search instead for 
Did you mean: 

Are you a member of CheckMates?

×
Sign in with your Check Point UserCenter/PartnerMap account to access more great content and get a chance to win some Apple AirPods! If you don't have an account, create one now for free!
bhaizlett123
Contributor
‎2020-05-04 06:15 AM

SSH TO GATEWAY OVER VPN

I have a gateway that has remote access vpn enabled. I am trying to ssh directly to it, when i connect to it over vpn, but for some reason i am unable to, i don't even see the traffic coming to the gateway. Is this possible or is there a workaround for this?

11 Replies
_Val_
Admin
Admin
‎2020-05-06 07:09 AM

Can you ping the same GW IP addresses, internal and external, and/or open WebUI to it, when on VPN. Are you using Office Mode?

0 Kudos
bhaizlett123
Contributor
‎2020-05-06 10:33 AM
In response to _Val_

Yes using office mode, but not able to ping or webui to it on internal ip address, which is what i am trying to get to.
_Val_
Admin
Admin
‎2020-05-06 01:22 PM
In response to bhaizlett123

Please make sure that Office mode IP addresses are routed to the external interface of the GW and not to internal network. 

 

Most probably a routing issue, office mode is routed back to internal networks and not to the VPN tunnel

bhaizlett123
Contributor
‎2020-05-07 05:58 PM
In response to _Val_

Where are you saying to add the route, because shouldn't the firewall know how to route office mode ip's since its the one that assigns them to the client.

0 Kudos
Vladimir
Champion
Champion
‎2021-05-06 07:21 AM
In response to bhaizlett123

1. In Gaia config, do you have Office mode range defined as permitted clients?

2. In Security Policy, do you allow SSH from Office mode to the gateway object?

0 Kudos
WorkingDread
Participant
‎2021-05-06 11:13 AM
In response to Vladimir

Hello, thanks,

1-Yes, in Gaia is allow connections from any source (i have a lab environment)

2-In the Policies, I created rules to allow connections from all networks to Gateways, but it doesnt works

Something that I see is that the internal IP address of gateway is not inside the VPN Domain for RemoteUsers (the network of that IP address is inside vpn domain), due that reason my test connections are not showed in the logs, if i do a traceroute to internal IP address of gateway with vpn client connected the connections to the gateway  take the path to internet modem, they does not go by the VPN tunnel,

 

0 Kudos
Vladimir
Champion
Champion
‎2021-05-06 12:35 PM
In response to WorkingDread

Check the Excluded services either in global properties or the VPN community.

I believe that SSH is counted as one and thus may be excluded from the tunnel when destination is the gateway.

WorkingDread
Participant
‎2021-05-05 06:34 PM

Hello!

did you find the solution for the access to GW over client vpn?

 

0 Kudos
Christopher_To
Collaborator
‎2021-09-23 03:18 PM

Hi Bhaizlett,

I am experiencing the same issue.  Have you found a solution to accessing the firewall over VPN?

Thanks!

0 Kudos
LongIsland
Explorer
‎2021-09-28 03:15 AM
In response to Christopher_To

Hello all,

the same issue here: no access to the internat interface of the appliance via VPN.
Weird addition: https access is possible, but ssh is not.
Is there any update?

Thanks and regards

0 Kudos
_Val_
Admin
Admin
‎2021-09-28 05:59 AM
In response to LongIsland

As @Vladimir mentioned above, it is most probably because SSH is excluded from VPN services. Check advanced properties of your VPN community. 

0 Kudos

Leaderboard

Epsum factorial non deposit quid pro quo hic escorol.

View All ≫
Upcoming Events

    Sort by:
    CheckMates Events
    Top