MarcuzShinz
Collaborator

How to define Remote Access VPN on Check Point Gateway

 

Hi everyone,

I currently have a case that I’m not sure how to handle yet, and I’d like to ask if anyone who has configured a similar setup could share your experience.

Here’s the situation:

  • I have two separate Security Gateways (SGs) managed under the same SmartConsole. Both devices have Remote Access VPN configured. Each gateway is assigned an external DNS for access as follows:
    GW1: vpn03.cybertest.com.vn
    GW2: vpn04.cybertest.com.vn

The issue I’m facing is that when a user connects successfully to vpn03.cybertest.com.vn, performing a tracert shows that the connection is actually coming from the public IP of GW2. I’m not sure if this behavior is related to some kind of load balancing.

Currently, we have not enabled the load balancing feature in Global Properties. I’m considering whether I should apply the define MEP topology configuration and switch it to client_decide, since I want each user to connect to the specific VPN configured on the gateway we designate.

 

 
:automatic_mep_topology (
    :gateway (
        :map (
            :true (true)
            :false (false)
            :client_decide (client_decide)
        )
        :default (true)
    )
)
 

Additionally, if the VPN domain is shared between both gateways, could that cause this behavior? Or should we create a separate VPN domain for each gateway?
Looking forward to everyone’s thoughts and suggestions.

Accepted Solutions
the_rock
MVP Platinum

I would say the way to go here is to define a different remote access VPN domain for each firewall.

Best,
Andy

Duane_Toler
MVP Silver

Can that be done?  Last time I looked at defining multiple RA communities it failed to install the policy.

EDIT:  Or did you just mean VPN domains per gateway, all within the same RA community?

 

--
Ansible for Check Point APIs series: https://www.youtube.com/@EdgeCaseScenario and Substack
the_rock
MVP Platinum

Hey Duane,

Maybe I misspoke or did not explain it right. I meant DIFFERENT RA VPN domains for separate firewalls. Defining multiple remote access communities never worked; it would give an error if you tried to save it.

Best,
Andy
Duane_Toler
MVP Silver

AH, ok. Yes, that might be what the OP needs to do.

 

--
Ansible for Check Point APIs series: https://www.youtube.com/@EdgeCaseScenario and Substack
the_rock
MVP Platinum

That's my thought as well.

Best,
Andy
PhoneBoy
Admin

Actually, I was able to do it in an early R80.x version...and yeah, it was a UI bug, since this configuration is NOT supported.

the_rock
MVP Platinum

Funny you mentioned that, I totally remember lol, it worked for 1 day I believe.

Best,
Andy