This website uses Cookies. Click Accept to agree to our website's cookie use as described in our Privacy Policy. Click Preferences to customize your cookie settings.
Accept
Reject
Preferences
ABOUT CHECKMATES & FAQ
Create a Post
Help
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

Are you a member of CheckMates?

×
Sign in with your Check Point UserCenter/PartnerMap account to access more great content and get a chance to win some Apple AirPods! If you don't have an account, create one now for free!
sajin
Contributor
‎2020-05-08 08:22 AM

MEP, Remote Access and S2S

We had tested VPN Routing from Remote Access to S2S VPN. IN HO we do have four Firewalls for Remote Access VPN and all the four are in MEP. All the firewall is managed by single Management.

When tested, MEP is not allowing the Remote Access VPN to go to S2S because of overlapping. We just removed S2S Peer gateway from Remote Access community and everything is working fine as normal. But the problem here is there are users who will be connecting to the Peer gateway directly through Remote Access.

We need MEP and Remote Access VPN for the Peer gateway simutaneously.

Is there any road map for Multiple remote access community.

0 Kudos
4 Replies
PhoneBoy
Admin
Admin
‎2020-05-10 02:26 PM

Not clear how multiple Remote Access encryption domains would solve the issue you're describing.
In any case, Secondary Connect will permit the client to directly connect to the gateway where resources will be accessed from.
That's probably what you want to do here.
Refer to: http://downloads.checkpoint.com/dc/download.htm?ID=60345
0 Kudos
sajin
Contributor
‎2020-05-11 12:14 AM
In response to PhoneBoy

Hi,

Thank you for your reply.

As i mentioned in the previous loop, We had removed Peer Gateway from Remote Access Community to work Remote Access Client connect to peer gateways through HO Firewall S2S VPN  because of MEP overlapping. Multiple HO Firewalls are in MEP. Now the peer gateway is not in Remote access Community. User needs to access Remote Access direct to peer gateways encryption domain.

0 Kudos
PhoneBoy
Admin
Admin
‎2020-05-11 04:46 PM
In response to sajin

A diagram with exactly how you want the traffic to flow in this case would be helpful along with an explanation of the encryption domains in question.

Note that MEP should work if one site has an encryption domain that is a "proper subset" of the other (i.e. Site A's encryption domain is completely contained in Site B's encryption domain with no unique elements not included in Site B's encryption domain).
0 Kudos
sajin
Contributor
‎2020-05-12 12:12 AM
In response to PhoneBoy

Hello,

 

The Peer gateway is not the part of MEP. I had attached the screenshot for your quick reference. Please check.

 

 

Preview file
84 KB
0 Kudos

Leaderboard

Epsum factorial non deposit quid pro quo hic escorol.

View All ≫
Upcoming Events

    CheckMates Events