Geomix7
Collaborator

Capsule VPN connects but no access to any server

Hello Guys!

I have the below scenario. I am writing about R77.30. Client connects through Capsule VPN successfully.

Then try to access a certain internal server with RDP without success. From devices (iPad & Android phone) I asked him and tried various RDP clients without success. Also note that those servers work properly through Mobile Access. Finally, with fw ctl zdebug drop and tcpdump I cannot see any logs.

Any suggestions?

 


Accepted Solutions
Wolfgang
Authority

Jerry,

I think for "capsule connect" no MAB policy is needed.

Snip from MAB documentation:

"The Mobile Access policy applies to the Mobile Access portal and Capsule Workspace. It does not apply to Desktop clients or Capsule Connect."

 

Wolfgang

9 Replies
Wolfgang
Authority

GGiorgakis,

Capsule Connect VPN is a full VPN client. You have to configure remote access rules to use them.

These rules are different from MobileAccessBlade rules, they are the same as for a normal Windows VPN client like EndPoint VPN.

If you use SSL-extender and native applications via MOB, you can't use these rules with Capsule VPN.

Add your gateway to the remote access community, create rules with users as source, your needed destinations and services and in the VPN section add the remote access community.

Wolfgang

Geomix7
Collaborator
Dear Wolfgang,

I have already configured the above.
I got a successful Capsule VPN connection. Then I try to connect and cannot see anything either with fwmonitor & zdebug.
Jerry
Mentor
"connect where" ? what are you trying to achieve here?
where about you're trying to connect to?
have you got that configured on MAB Policies?
did you configure office-mode properly or you don't use it?

just answer above please otherwise we're struggling to assist you here really
Jerry
Geomix7
Collaborator
Dear Jerry,

"connect where" ?
I connect from an Android device through Capsule VPN and I received an office mode IP address.

what are you trying to achieve here?
I have a rule in which legacy user access can log in to a server (VPN: remote access included), port: 3389

where about you're trying to connect to?
src: legacy user - dst: local server - vpn: remote access - port: 3389

have you got that configured on MAB Policies?
No

did you configure office-mode properly or you don't use it?
Configured
Jerry
Mentor
so you answered yourself then 🙂
you need Mobile Access Blade console (Dashboard) and have policies configured for the VPN user to be able to reach tcp/3389 RDP from the "client" to the "server". Simples.

see MAB Admin Guide:

https://dl3.checkpoint.com/paid/77/774c3c923f00c927527600aadaab3fcf/CP_R80.10_MobileAccess_AdminGuid...

or

https://sc1.checkpoint.com/documents/R80.30/WebAdminGuides/EN/CP_R80.30_MobileAccess_AdminGuide/html...

hope it helps
Jerry
Jerry
Mentor
MAB policies!
Jerry
Geomix7
Collaborator

Add the network into the VPN domain and it works properly.

 

Thanks

Wolfgang
Authority

Jerry,

I think for "capsule connect" no MAB policy is needed.

Snip from MAB documentation:

"The Mobile Access policy applies to the Mobile Access portal and Capsule Workspace. It does not apply to Desktop clients or Capsule Connect."

 

Wolfgang

Jerry
Mentor
agree, but I was in the belief that the main issue isn't about Capsule only but about inbound VPN client connectivity in general, hence my tips on that matter. cheers Wolfgang
Jerry