Capsule VPN connects but no access to any server

Hello Guys!

I have the below scenario. I am writing about R77.30. The client connects through Capsule VPN successfully.

Then try to access a certain internal server with RDP without success. From devices (iPad & Android phone) I asked him and tried various RDP clients without success. Also note that those servers work properly through Mobile Access. Finally, with fw ctl zdebug drop, tcpdump I cannot see any logs.

Any suggestions?

 

Leader

GGiorgakis,

Capsule Connect VPN is a full VPN client. You have to configure remote access rules to use them.

These rules are different from MobileAccessBlade rules, they are the same as for a normal Windows VPN client like EndPoint VPN.

If you use SSL-extender and native applications via MOB, you can't use these rules with Capsule VPN.

Add your gateway to the remote access community, create rules with users as source, your needed destinations and services and in the VPN section add the remote access community.

Wolfgang

Collaborator
Dear Wolfgang,

I have already configured the above.
I got a successful Capsule VPN connection. Then I try to connect and cannot see anything with either fw monitor or zdebug.




Leader
"Connect where"? What are you trying to achieve here?
Whereabouts are you trying to connect to?
Have you got that configured on MAB Policies?
Did you configure office-mode properly, or don't you use it?

Just answer the above please, otherwise we're struggling to assist you here really.
Jerry
Collaborator
Dear Jerry,

"Connect where"?
I connect from an Android device through VPN Capsule and I received an Office Mode IP address.

What are you trying to achieve here?
I have a rule in which legacy user access can log in to a server (VPN: remote access included), port: 3389

Whereabouts are you trying to connect to?
src: legacy user - dst: local server - vpn: remote access - port: 3389

Have you got that configured on MAB Policies?
No

Did you configure office-mode properly, or don't you use it?
Configured
Leader
So you answered yourself then 🙂
You need the Mobile Access Blade console (Dashboard) and have policies configured for the VPN user to be able to reach tcp/3389 RDP from the "client" to the "server". Simples.

See MAB Admin Guide:

https://dl3.checkpoint.com/paid/77/774c3c923f00c927527600aadaab3fcf/CP_R80.10_MobileAccess_AdminGuid...

or

https://sc1.checkpoint.com/documents/R80.30/WebAdminGuides/EN/CP_R80.30_MobileAccess_AdminGuide/html...

Hope it helps
Jerry
Leader
MAB policies!
Jerry
Collaborator

Added the network into the VPN domain and it works properly.

 

Thanks

Leader (accepted solution)

Jerry,

I think for "capsule connect" no MAB policy is needed.

Snip from MAB documentation:

"The Mobile Access policy applies to the Mobile Access portal and Capsule Workspace. It does not apply to Desktop clients or Capsule Connect."

 

Wolfgang

Leader
Agree, but I was of the belief that the main issue isn't about Capsule only but about inbound VPN client connectivity in general, hence my tips on that matter. Cheers Wolfgang
Jerry