This website uses Cookies. Click Accept to agree to our website's cookie use as described in our Privacy Policy. Click Preferences to customize your cookie settings.
Accept
Reject
Preferences
ABOUT CHECKMATES CYBER SECURITY COMMUNITY & FAQ
Create a Post
Help
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

Are you a member of CheckMates?

×
Sign in with your Check Point UserCenter/PartnerMap account to access more great content and get a chance to win some Apple AirPods! If you don't have an account, create one now for free!
Ave_Joe
Contributor
‎2020-03-22 08:06 AM

Office Mode IP address space

Good day.

Question about Office Mode IP's.

For this thread let's assume the gateway has a license for unlimited users.

In my config the CP_default_Office_Mode_addresses_pool is set to 172.16.10.0/24.  This address space has 254 hosts.  Does this mean that this setting can accommodate 254 simultaneous users?  Or is this space only capable of having only 127 simultaneous users as the it seems when connected the client gets an Office Mode IP but then the gateway assigned is the previous IP in the Office Mode network?

For example, below is a sample from a connected client.

utun6: flags=8051<UP,POINTOPOINT,RUNNING,MULTICAST> mtu 1350
inet 172.16.10.5 --> 172.16.10.4 netmask 0xffffff00

So if the need is to scale remote access VPN users getting Office Mode IP's to 1000 simultaneous users is it sufficient to change the Office Mode network to be 172.16.8.0 /22 or does it need to be set to 172.16.0.0 /21 to accommodate the VPN clients gateway?

Thoughts?

2 Replies
Maarten_Sjouw
Champion
Champion
‎2020-03-22 11:15 AM

When I check a gateway that has about 50 users connected, issueing this command: fw tab -t om_assigned_ips -s
Shows 2 more that the connected users, which would tell me that a /22 should be more than sufficient.
Regards, Maarten
0 Kudos
german
Explorer
‎2020-03-23 01:48 PM

It will allocate the expected 254 addresses, the virtual gateway offered to every client is actually not consuming an ip from the pool.

0 Kudos

Leaderboard

Epsum factorial non deposit quid pro quo hic escorol.

View All ≫
Upcoming Events

    Sort by:
    CheckMates Events