cancel
Showing results for 
Search instead for 
Did you mean: 
Create a Post
Highlighted

Secure user access to out of band firewall

We have a 1550 firewall in front of some out of band switches. We want a secure access to these OOB equipment in case of a disater. Mobile access blade is NOT supported by the 1550 models, just the IPSec VPN.

What szenarios would be possible here? I'm considering the following:

  • Site-to-Site VPN to the azure cloud, which holds a jump host accessible from the Internet
  • Access rule for ssh and/or https with user authentication (2 factor)
  • Some Windows 10 client which requires no mobile access license

 

0 Kudos
9 Replies
Highlighted
Admin
Admin

Re: Secure user access to out of band firewall

You can still use the SNX client with the 1550, just not the MAB portal.
0 Kudos
Highlighted

Re: Secure user access to out of band firewall

When I'm trying to connect from my Windows Client to the Gateway using https://<external-ip-of-gwy>/sslvpn

I get the following error: ERR_EMPTY_RESPONSE

 

What did I miss / Can I check else?

0 Kudos
Highlighted

Re: Secure user access to out of band firewall

How exactly would I use/configure the SNX on the 1550?

0 Kudos
Highlighted
Admin
Admin

Re: Secure user access to out of band firewall

To enable SNX, go to VPN > Remote Access > Blade Control.
Make sure SSL VPN is checked and click Apply.
If you click the "How to connect" link, you will be pointed to access https://external-ip:4433
This will bring you to a web page where you can download the SNX client.
0 Kudos
Highlighted

Re: Secure user access to out of band firewall

I've trouble finding the VPN> Remote Access > Blade Control > SSL VPN setting.
Where is it? On the VPN Gateway or in global properties? Or somewhere else?
0 Kudos
Highlighted
Admin
Admin

Re: Secure user access to out of band firewall

On the WebUI of the 1550.
I initially checked on my 750, but confirmed this should also exist on the 1550 as well.
0 Kudos
Highlighted

Re: Secure user access to out of band firewall

Since the 1550 is centrally managed, the above options don't work.
From the Security Dashboard in teh WebUI, I can see all possible blades, but I can't modify any of the settings
0 Kudos
Highlighted

Re: Secure user access to out of band firewall

So please configure it in Dashboard 😎...

0 Kudos
Highlighted
Admin
Admin

Re: Secure user access to out of band firewall

For a centrally managed SMB appliance, you would enable access for Check Point Mobile/SNX as part of the Remote Access configuration.
I believe the portal I referred you to (e.g. https://external-ip:4433) will still be how the clients download the SNX client.
0 Kudos