naveda
Employee

Query related to blocking the internet when capsule users are connected to VPN from mobile devices v


 
Hi Team,
A customer has a requirement to block the internet for Remote Access VPN users while they are connected. To achieve that, I have configured a desktop policy and their requirement is fulfilled, but now they have the same requirement for all mobile users using Capsule.
Is it possible to do so, or do we have any alternate option to fulfil this requirement?
 
 
 
 

 

0 Kudos
7 Replies
G_W_Albrecht
Legend

This is possible using the Route All Traffic feature:

https://dl3.checkpoint.com/paid/5e/5ee546112df339d6bef37872e26c2434/CP_CapsuleVPNClient_AdminGuide.p...

CCSP - CCSE / CCTE / CTPS / CCME / CCSM Elite / SMB Specialist
(1)
naveda
Employee

@G_W_Albrecht, thank you for your response. I have checked the guide; it just shows the way to route all traffic to the gateway. I also want to know: if I configure Route All Traffic to the gateway, wouldn't this increase the overhead on the gateway, since all traffic from the client will be passed through the gateway?

If the customer agrees to do that, after enabling the feature we can restrict the traffic in policy, right?

Please clarify this. Thanks!

0 Kudos
G_W_Albrecht
Legend

Of course the Route All Traffic feature will increase GW load! As this feature only works while VPN is connected, it also will only do TP for client traffic during that time. This was your customer's request and he may have good reasons for it - I would prefer not to use the Route All Traffic feature, but also install the Harmony Mobile Protect app on mobile devices. This gives safety anytime!

CCSP - CCSE / CCTE / CTPS / CCME / CCSM Elite / SMB Specialist
0 Kudos
naveda
Employee

So, with Harmony Mobile, can we achieve the requirement to restrict users from accessing the internet when the VPN is connected, or is it just to prevent malicious traffic from routing through the gateway?

Also, I want to know if we can suggest that they go with any 3rd-party MDM to achieve that requirement.

Please confirm one more thing: if the customer agrees to enable the Route All Traffic through gateway feature, we can restrict particular user traffic by access policy by blocking the destination as internet, right?

0 Kudos
PhoneBoy
Admin

Harmony Mobile doesn't filter all Internet traffic, but it does block certain malicious traffic (phishing/bots).
And no, an MDM can't do that alone, but an MDM can be used to place restrictions on the device when it falls out of compliance and/or isn't secure according to Harmony Mobile.

Whether or not you "block" Internet when using Route All Traffic is a function of the specific access policy.

naveda
Employee

Thanks @G_W_Albrecht and @PhoneBoy. I will try to do this in my lab and propose the option to route all traffic to the gateway to achieve their requirement.

0 Kudos
G_W_Albrecht
Legend

No, as @PhoneBoy wrote, Harmony Mobile protects mobile devices all the time. Complete internet traffic by connected clients using the Route All Traffic feature can be restricted and undergo TP on GW. Or disabled completely, of course...

CCSP - CCSE / CCTE / CTPS / CCME / CCSM Elite / SMB Specialist
0 Kudos
