Create a Post
cancel
Showing results for 
Search instead for 
Did you mean: 
rooKing
Participant
Jump to solution

Office Mode IP assignment by client type

Hi CheckMates!

Is it possible to assign office mode IP addresses by client type?

For example, Capsule VPN Android users get IP address from one OM pool, SSL Network Extender user from another OM pool, Check Point Mobile users from yet another OM pool, etc.

Regards
rooKing

 

 

0 Kudos
4 Solutions

Accepted Solutions
PhoneBoy
Admin
Admin

Not aware of a way to do this at current.

View solution in original post

(1)
the_rock
Legend
Legend

Im 100% positive you canNOT do that.

Andy

View solution in original post

Duane_Toler
Advisor

The others are correct.  If you're looking to differentiate traffic by client type, then Access Roles are your answer here.  You can define an Access Role object by client type, and use those in your policy.

For best results, you can also define an access role for your regular users and again use that in your policy.  With this, you can remove the "legacy user access" rule for "Vpn_users@any" in the source column AND you can remove the RemoteAccess community from the VPN column.  You will use the access roles to control VPN user traffic; either by your client type roles, or your user-identity roles, or both.  Your user identity roles can refer to internal/local user, AD/LDAP users, LDAP OUs, AD security groups.... whatever you need.

 

View solution in original post

(1)
the_rock
Legend
Legend
0 Kudos
4 Replies
PhoneBoy
Admin
Admin

Not aware of a way to do this at current.

(1)
the_rock
Legend
Legend

Im 100% positive you canNOT do that.

Andy

Duane_Toler
Advisor

The others are correct.  If you're looking to differentiate traffic by client type, then Access Roles are your answer here.  You can define an Access Role object by client type, and use those in your policy.

For best results, you can also define an access role for your regular users and again use that in your policy.  With this, you can remove the "legacy user access" rule for "Vpn_users@any" in the source column AND you can remove the RemoteAccess community from the VPN column.  You will use the access roles to control VPN user traffic; either by your client type roles, or your user-identity roles, or both.  Your user identity roles can refer to internal/local user, AD/LDAP users, LDAP OUs, AD security groups.... whatever you need.

 

(1)
the_rock
Legend
Legend

excellent point!

0 Kudos
Upcoming Events

    CheckMates Events