Solved: capsule vpn connect but no access any server

GGiorgakis · ‎2019-11-22

Hello Guys!

Ihave the below scenario.I am writing about r77.30.Client connect through capsule vpn successfully.

Then try to access certain internal server with RDP without success.From devices(ipad & android phone) i ask him and tried various rdp client without success.Also note that those servers are works properly through mobile access.Finally with fw ctl zdebug drop tcpdump i cannot see any logs.

Any suggestions?

Wolfgang · ‎2019-11-25

Jerry,

I think for "capsule connect" no MAB policy is needed.

snip from MAB dosumentation

"The Mobile Access policy applies to the Mobile Access portal and Capsule Workspace. It does not apply to Desktop clients or Capsule Connect."

Wolfgang

View solution in original post

Wolfgang · ‎2019-11-22

GGiorgakis,

Capsule Connect VPN is a full VPN client. You have to configure remote access rules to use them.

These rules are different from MobileAccessBlade rules, they are the same as for a normal Windows VPN client like EndPoint VPN.

If you use SSL-extender and native applications via MOB, you can't use this rules with Capsule VPN.

Add your gateway to the remote access community, create rules with users as source, your needed destinations and services and in the VPN section add the remote access community.

Wolfgang

GGiorgakis · ‎2019-11-25

Dear Wolfgang,

I have already configure the above.
I got a successful capsule vpn connection.Then i try to connect and cannot see anything either with fwmonitor & zdebug.

Jerry · ‎2019-11-25

"connect where" ? what are you trying to achieve here?
where about you're trying to connect to?
have you got that configured on MAB Policies?
did you configured office-mode properly or you don't use it?

just answer above please otherwise we're struggling to assist you here really

Jerry

GGiorgakis · ‎2019-11-25

Dear Jerry,

"connect where" ?
i connect from android device through vpn capsule and i received an office mode IP address.

what are you trying to achieve here?
I have a rule which legacy user access can login to a server (VPN:remote access included) port:3389

where about you're trying to connect to?
src:legacy user - dst: local server vpn:remote access - port:3389
have you got that configured on MAB Policies?
No
did you configured office-mode properly or you don't use it?
Configured

Jerry · ‎2019-11-25

so you answered yourself then 🙂
you need Mobile Access Blade console (Dashboard) and have policies configured for the VPN user to be able to reach tcp/3389 RDP from the "client" to the "server". Simples.

see MAB Admin Guide (

https://dl3.checkpoint.com/paid/77/774c3c923f00c927527600aadaab3fcf/CP_R80.10_MobileAccess_AdminGuid...

or

https://sc1.checkpoint.com/documents/R80.30/WebAdminGuides/EN/CP_R80.30_MobileAccess_AdminGuide/html...

hope it helps

Jerry

Jerry · ‎2019-11-23

MAB policies !

Jerry

GGiorgakis · ‎2019-11-25

Add the network into VPN domain and works properly.

Thanks

Wolfgang · ‎2019-11-25

Jerry,

I think for "capsule connect" no MAB policy is needed.

snip from MAB dosumentation

"The Mobile Access policy applies to the Mobile Access portal and Capsule Workspace. It does not apply to Desktop clients or Capsule Connect."

Wolfgang

View solution in original post

Jerry · ‎2019-11-25

agree but I was in a believe that the main issue isn't about Capsule only but about inbound VPN clients connectivity in gernal hence my tips on that matter. cheers Volfgang

Jerry