This website uses cookies. By clicking Accept, you consent to the use of cookies. Click Here to learn more about how we use cookies.
Accept
Reject
ABOUT CHECKMATES & FAQ
Create a Post
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Help
NeilDavey
Collaborator
‎2019-10-30 03:45 AM

MAB - Route Traffic via Gateway

We use the Mobile Access Blade for connecting into our systems and we also use a PACFILE for internet access.

Once a user has connected onto the MAB, if they untick the PACFILE on IE, then they can get to websites that would be blocked.

Ie - PACFILE would stop access to File Sharing sites, but a user can uncheck the PACFILE and then access File Sharing sites whilst still connected to the MAB.

I believe this is related around "Route all traffic"/"Split tunneling"

I found this article but as we are R80.30 I am not sure it applies:

https://supportcenter.checkpoint.com/supportcenter/portal?action=portlets.SearchResultMainAction&eve...

Does anyone know how I fix this issue?

Thanks

0 Kudos
4 Replies
G_W_Albrecht
Legend
Legend
‎2019-10-30 03:49 AM

You mean that you do use a proxy for internet access ?  Then why can the clients disable the proxy at all ?

CCSE CCTE SMB Specialist
0 Kudos
NeilDavey
Collaborator
‎2019-10-30 03:53 AM
In response to G_W_Albrecht

Yes that's correct. There is no prevention to stop the users from enabling/disabling this feature.

On occasion, its also useful to be able to perform this for testing.

If a user on the LAN (with a PC) unticks this, then the Firewall blocks the traffic which is normal.

Its only MAB users which have this issue which is why I think its a "Route all traffic"/"Split tunneling" issue.
0 Kudos
mdjmcnally
Advisor
‎2019-10-30 04:43 AM

Says R77 and above

Versions listed mention R80.x but not R80.30 which I suspect is as it hasn't been updated since 23-Oct-2018 ie before R80.30 released.

 

That would then force all traffic up the VPN to the Check Point Gateway as opposed to relying on the fact that the Proxy is seen as reachable via the Gateway.

That way if disable the PAC when connected to the VPN would still force the traffic over the SNX tunnel.

G_W_Albrecht
Legend
Legend
‎2019-10-30 04:54 AM
In response to mdjmcnally

Did you try sk101239: Route all traffic from Remote Access clients, including internet traffic, through Security... yet ? You may also need sk122854: "You are disconnected, please login again" pop-up appears in SNX window.

CCSE CCTE SMB Specialist