cancel
Showing results for 
Search instead for 
Did you mean: 
Create a Post

MAB - Route Traffic via Gateway

We use the Mobile Access Blade for connecting into our systems and we also use a PACFILE for internet access.

Once a user has connected onto the MAB, if they untick the PACFILE on IE, then they can get to websites that would be blocked.

Ie - PACFILE would stop access to File Sharing sites, but a user can uncheck the PACFILE and then access File Sharing sites whilst still connected to the MAB.

I believe this is related around "Route all traffic"/"Split tunneling"

I found this article but as we are R80.30 I am not sure it applies:

https://supportcenter.checkpoint.com/supportcenter/portal?action=portlets.SearchResultMainAction&eve...

Does anyone know how I fix this issue?

Thanks

0 Kudos
4 Replies

Re: MAB - Route Traffic via Gateway

You mean that you do use a proxy for internet access ?  Then why can the clients disable the proxy at all ?

0 Kudos

Re: MAB - Route Traffic via Gateway

Yes that's correct. There is no prevention to stop the users from enabling/disabling this feature.

On occasion, its also useful to be able to perform this for testing.

If a user on the LAN (with a PC) unticks this, then the Firewall blocks the traffic which is normal.

Its only MAB users which have this issue which is why I think its a "Route all traffic"/"Split tunneling" issue.
0 Kudos
mdjmcnally
Silver

Re: MAB - Route Traffic via Gateway

Says R77 and above

Versions listed mention R80.x but not R80.30 which I suspect is as it hasn't been updated since 23-Oct-2018 ie before R80.30 released.

 

That would then force all traffic up the VPN to the Check Point Gateway as opposed to relying on the fact that the Proxy is seen as reachable via the Gateway.

That way if disable the PAC when connected to the VPN would still force the traffic over the SNX tunnel.