Endpoint VPN Internet Access

Hoping someone can help me troubleshoot. Endpoint VPN users cannot browse the Internet.

Internal: Works great. Can ping all Internal resources, use Internal websites, resolve DNS internal and external.

Internet: Cannot ping, cannot browse to say Google. Tracert to stops at FW/Gateway.

In Gateway logs, VPN:Blade, I don't see any drops; everything is accepted.

Any ideas on how to troubleshoot?

Can someone provide a copy of a Rule example for VPN Internet access?




Thank you PhoneBoy.

Great article, that helped me a lot to find the issue.

I had to add NAT Translation to the Office Mode address pool and also add a Static route on the Gateway.

It is now working perfectly.

The Check Point documentation to set this up is incomplete and confusing, which makes it a lot harder than it should be. I could do a video of how to set this up in 5 minutes; I spent days trawling through SKs to get the VPN up and running correctly.

I find most of the documentation obscure and need to look at 20 SKs to achieve one thing.

Static Route SK.


Command I ran with my Network details.

set static-route nexthop gateway address priority 1 on


We are definitely looking for more How-To videos and would welcome your submission.
