Create a Post
cancel
Showing results for 
Search instead for 
Did you mean: 
NeilDavey
Collaborator

MAB - Route Traffic via Gateway

We use the Mobile Access Blade for connecting into our systems and we also use a PACFILE for internet access.

Once a user has connected onto the MAB, if they untick the PACFILE on IE, then they can get to websites that would be blocked.

Ie - PACFILE would stop access to File Sharing sites, but a user can uncheck the PACFILE and then access File Sharing sites whilst still connected to the MAB.

I believe this is related around "Route all traffic"/"Split tunneling"

I found this article but as we are R80.30 I am not sure it applies:

https://supportcenter.checkpoint.com/supportcenter/portal?action=portlets.SearchResultMainAction&eve...

Does anyone know how I fix this issue?

Thanks

0 Kudos
4 Replies
G_W_Albrecht
Legend
Legend

You mean that you do use a proxy for internet access ?  Then why can the clients disable the proxy at all ?

CCSE CCTE CCSM SMB Specialist
0 Kudos
NeilDavey
Collaborator

Yes that's correct. There is no prevention to stop the users from enabling/disabling this feature.

On occasion, its also useful to be able to perform this for testing.

If a user on the LAN (with a PC) unticks this, then the Firewall blocks the traffic which is normal.

Its only MAB users which have this issue which is why I think its a "Route all traffic"/"Split tunneling" issue.
0 Kudos
mdjmcnally
Advisor

Says R77 and above

Versions listed mention R80.x but not R80.30 which I suspect is as it hasn't been updated since 23-Oct-2018 ie before R80.30 released.

 

That would then force all traffic up the VPN to the Check Point Gateway as opposed to relying on the fact that the Proxy is seen as reachable via the Gateway.

That way if disable the PAC when connected to the VPN would still force the traffic over the SNX tunnel.

Leaderboard

Epsum factorial non deposit quid pro quo hic escorol.

Upcoming Events

    CheckMates Events