This website uses Cookies. Click Accept to agree to our website's cookie use as described in our Privacy Policy. Click Preferences to customize your cookie settings.
Accept
Reject
Preferences
ABOUT CHECKMATES CYBER SECURITY COMMUNITY & FAQ
Create a Post
Help
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

Are you a member of CheckMates?

×
Sign in with your Check Point UserCenter/PartnerMap account to access more great content and get a chance to win some Apple AirPods! If you don't have an account, create one now for free!
Ricardo_Gros
Collaborator
‎2019-11-08 07:21 AM
Jump to solution

Endpoint Vpn Location awareness

Hi,

 

We have stumbled upon a small issue and we would like your opinion on a possible solution

 

So we have a client behind a site 2 site tunnel. The client has Location awareness active and is always building the VPN directly to its VPN gateway, as the connection goes over the external link it is always detected as Outside.

How do we make the Client understand that he is actually internal and should use the Site 2 site tunnel and does not need to build up the client VPN?

 

The option Domain controller and Network Group is not acceptable, the first does not work as intended and the 2 could lead to other issues, are there any quick solutions for this?

Problem Endpointclient.PNG

 

Preview file
34 KB
0 Kudos
1 Solution

Accepted Solutions
David_Ulloa
Contributor
‎2022-02-19 10:44 AM
Jump to solution

Ricardo,

I had a similar issue, this is what worked for me.

We created a network group that we called, "Public  Networks" and then we created individual networks that would encompass our external public dedicated networks and associated them to the previous group.

Then we configured the network location awareness telling the gateway that every time a user tried connecting from the previously created group they should be consider internal and kicked them out.

This worked as a charm and it was the easiest solution ever. 

 

Hope this helps

@DrVavin

 

 

View solution in original post

0 Kudos
5 Replies
PhoneBoy
Admin
Admin
‎2019-11-09 12:21 AM
Jump to solution

Please explain the statements you made in your last paragraph.
0 Kudos
Ricardo_Gros
Collaborator
‎2019-11-11 12:09 AM
In response to PhoneBoy
Jump to solution

The option Domain controller and Network Group is not acceptable:

If we enable this it does not work smoothly because the Domain Controller is accessible over the Client VPN.


Explicitly configuring the Network can lead to the situation where at a non trusted location with the same addressing the clients thinks he is internal.

 

We are investigating if adding the Local networks behind remote site to the encryption domain solves this issue.

 

 

 

0 Kudos
ksparke
Explorer
‎2019-11-21 05:03 AM
In response to Ricardo_Gros
Jump to solution

Hi , Ricardo,
how does you solved this issue with the location awareness? We have the same setup, and would be very interested in your solution. Thanks
Kim
0 Kudos
Dominik_L
Explorer
‎2021-04-28 07:08 AM
Jump to solution

Is there any solution to this problem?

 

Regards

David_Ulloa
Contributor
‎2022-02-19 10:44 AM
Jump to solution

Ricardo,

I had a similar issue, this is what worked for me.

We created a network group that we called, "Public  Networks" and then we created individual networks that would encompass our external public dedicated networks and associated them to the previous group.

Then we configured the network location awareness telling the gateway that every time a user tried connecting from the previously created group they should be consider internal and kicked them out.

This worked as a charm and it was the easiest solution ever. 

 

Hope this helps

@DrVavin

 

 

0 Kudos

Leaderboard

Epsum factorial non deposit quid pro quo hic escorol.

View All ≫
Upcoming Events

    CheckMates Events