Mobile Access SSL Extender issue on firewall with VPN established to same site

We have several hundred Mobile Access SSL Extender clients in use by employees, vendors and partners.  We also have about 150 VPNs defined to small rural hospitals (we are a larger Midwest hospital).

We have a disconcerting number of SSL Extender clients that seem to regularly visit these rural hospitals where they NAT all traffic leaving their facility to one address, even public internet access. The problem occurs when the client needs to talk to the Check Point firewall directly and the Check Point denies the traffic as communication in the clear.

Has anyone else seen this issue?  What do you do to circumvent the limitation? We cannot exclude https traffic from the VPN as many of these sites include https traffic already between internal devices on the two respective networks.

We are contemplating moving Mobile Access to another firewall, but that's going to be expensive in terms of time and acquisition costs.


We had a similar issue with one of our customers and ended up allowing access to some of the involved services published on the SSL Extender via the S2S VPN. I know that this may be a security issue in your case, so maybe it's not a viable solution.

Have you tried setting up the SSL Extender portal on a different IP from the one you are using to terminate S2S VPNs?

Scenario 3 in sk108600 might be worth reviewing.
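As an added illustration of the mechanism behind the "communication in the clear" drop described in the question, and of why the second reply's suggestion of a separate portal IP sidesteps it: this is example code written for this thread, not Check Point's own logic, and all addresses and encryption domains are constructed. It assumes the gateway's external (VPN-terminating) address is part of the local encryption domain, and that the rural site's single NAT egress address sits inside its peer encryption domain.

```python
import ipaddress
from dataclasses import dataclass


@dataclass
class VpnCommunity:
    """Constructed model of one site-to-site community: the two encryption domains."""
    name: str
    local_domain: list   # networks the hub gateway encrypts for
    peer_domain: list    # networks behind the remote (rural hospital) peer


def _in_domain(ip: str, nets) -> bool:
    addr = ipaddress.ip_address(ip)
    return any(addr in ipaddress.ip_network(n) for n in nets)


def expected_in_tunnel(community: VpnCommunity, src: str, dst: str) -> bool:
    """True when src->dst matches peer_domain->local_domain, i.e. the gateway
    expects this packet to arrive encrypted inside the community's tunnel."""
    return _in_domain(src, community.peer_domain) and _in_domain(dst, community.local_domain)


def classify(community: VpnCommunity, src: str, dst: str) -> str:
    """Simplified verdict: clear-text traffic that should have been in the tunnel is dropped."""
    if expected_in_tunnel(community, src, dst):
        return "drop: clear-text packet matches VPN community (should be encrypted)"
    return "accept: evaluated by the normal rulebase"


# Constructed topology (documentation ranges, not real sites):
#   198.51.100.5  hub gateway external IP, terminates S2S VPNs, hosts the SNX portal
#   198.51.100.6  a second hub address NOT in the local encryption domain
#   203.0.113.10  rural hospital's single NAT egress address (inside its peer domain)
RURAL_SITE = VpnCommunity(
    name="rural-hospital-A",
    local_domain=["10.0.0.0/8", "198.51.100.5/32"],
    peer_domain=["203.0.113.0/24", "10.200.0.0/16"],
)


def scenario_results() -> dict:
    """Three cases from the thread: visitor at the rural site, same visitor after the
    portal moves to a non-domain IP, and an ordinary home user."""
    return {
        "snx_from_rural_site": classify(RURAL_SITE, "203.0.113.10", "198.51.100.5"),
        "snx_after_portal_move": classify(RURAL_SITE, "203.0.113.10", "198.51.100.6"),
        "snx_from_home": classify(RURAL_SITE, "192.0.2.77", "198.51.100.5"),
    }
```

The same check is why removing https from the community would not help here: the match is on the address pair, so any clear-text flow between the two domains is dropped regardless of service.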

