This website uses Cookies. Click Accept to agree to our website's cookie use as described in our Privacy Policy. Click Preferences to customize your cookie settings.
Accept
Reject
Preferences
ABOUT CHECKMATES CYBER SECURITY COMMUNITY & FAQ
Create a Post
Help
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

Are you a member of CheckMates?

×
Sign in with your Check Point UserCenter/PartnerMap account to access more great content and get a chance to win some Apple AirPods! If you don't have an account, create one now for free!
rooKing
Participant
‎2024-05-20 01:33 AM
Jump to solution

Office Mode IP assignment by client type

Hi CheckMates!

Is it possible to assign office mode IP addresses by client type?

For example, Capsule VPN Android users get IP address from one OM pool, SSL Network Extender user from another OM pool, Check Point Mobile users from yet another OM pool, etc.

Regards
rooKing

 

 

0 Kudos
4 Solutions

Accepted Solutions
PhoneBoy
Admin
Admin
‎2024-05-20 07:39 AM
Jump to solution

Not aware of a way to do this at current.

View solution in original post

(1)
the_rock
MVP Platinum
MVP Platinum
‎2024-05-20 11:11 AM
Jump to solution

Im 100% positive you canNOT do that.

Andy

Best,
Andy

View solution in original post

Duane_Toler
MVP Silver
MVP Silver
‎2024-05-20 11:32 AM
Jump to solution

The others are correct.  If you're looking to differentiate traffic by client type, then Access Roles are your answer here.  You can define an Access Role object by client type, and use those in your policy.

For best results, you can also define an access role for your regular users and again use that in your policy.  With this, you can remove the "legacy user access" rule for "Vpn_users@any" in the source column AND you can remove the RemoteAccess community from the VPN column.  You will use the access roles to control VPN user traffic; either by your client type roles, or your user-identity roles, or both.  Your user identity roles can refer to internal/local user, AD/LDAP users, LDAP OUs, AD security groups.... whatever you need.

 

--
Ansible for Check Point APIs series: https://www.youtube.com/@EdgeCaseScenario and Substack

View solution in original post

(1)
the_rock
MVP Platinum
MVP Platinum
‎2024-05-21 12:48 AM
In response to Duane_Toler
Jump to solution

excellent point!

Best,
Andy

View solution in original post

0 Kudos
4 Replies
PhoneBoy
Admin
Admin
‎2024-05-20 07:39 AM
Jump to solution

Not aware of a way to do this at current.

(1)
the_rock
MVP Platinum
MVP Platinum
‎2024-05-20 11:11 AM
Jump to solution

Im 100% positive you canNOT do that.

Andy

Best,
Andy
Duane_Toler
MVP Silver
MVP Silver
‎2024-05-20 11:32 AM
Jump to solution

The others are correct.  If you're looking to differentiate traffic by client type, then Access Roles are your answer here.  You can define an Access Role object by client type, and use those in your policy.

For best results, you can also define an access role for your regular users and again use that in your policy.  With this, you can remove the "legacy user access" rule for "Vpn_users@any" in the source column AND you can remove the RemoteAccess community from the VPN column.  You will use the access roles to control VPN user traffic; either by your client type roles, or your user-identity roles, or both.  Your user identity roles can refer to internal/local user, AD/LDAP users, LDAP OUs, AD security groups.... whatever you need.

 

--
Ansible for Check Point APIs series: https://www.youtube.com/@EdgeCaseScenario and Substack
(1)
the_rock
MVP Platinum
MVP Platinum
‎2024-05-21 12:48 AM
In response to Duane_Toler
Jump to solution

excellent point!

Best,
Andy
0 Kudos
Upcoming Events

    CheckMates Events