Exclude IP addresses (non local subnets) from hub mode

Hi,

Is it possible to also exclude specific IP addresses/subnets for a VPN client running in hub mode (route all traffic to gateway)?

I know there is a solution for excluding local LANs (https://supportcenter.checkpoint.com/supportcenter/portal?eventSubmit_doGoviewsolutiondetails=&solut...), but I need to exclude specific IPs and I must not disable hub mode.

Thanks and regards

Thomas

4 Replies

Re: Exclude IP addresses (non local subnets) from hub mode

Why not use Access Roles to differentiate between local and RA VPN clients and create a ruleset that denies access to these IP addresses for RA VPN clients only?

Re: Exclude IP addresses (non local subnets) from hub mode

Hi Günther,

Can you elaborate on what you mean by local and RA VPN clients?

Target scenario is this:

RA VPN client ---- forced tunnel ---------------------------Corp FW -- company LAN

          |------------- Webserver 80.80.80.80 (Corp DMZ)--------|

Regards Thomas

Re: Exclude IP addresses (non local subnets) from hub mode

You have local clients at your site that connect to the internet through the GW, and you have RA VPN clients using Hub Mode / Route all traffic to gateway. So you could use one access rule for local clients and another for RA VPN clients with excluded destinations...

Re: Exclude IP addresses (non local subnets) from hub mode

"and another for RA VPN clients with excluded destinations..."

This configuration is what I am looking for. How do you exclude destinations in Hub mode?


Regards Thomas