This website uses cookies. By clicking Accept, you consent to the use of cookies. Click Here to learn more about how we use cookies.
Accept
Reject
ABOUT CHECKMATES & FAQ
Create a Post
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Help

Are you a member of CheckMates?

×
Sign in with your Check Point UserCenter/PartnerMap account to access more great content and get a chance to win some Apple AirPods! If you don't have an account, create one now for free!
naveda
Employee
Employee
‎2022-04-26 10:48 PM

Query related to blocking the internet when capsule users are connected to VPN from mobile devices v

Jump to solution

 
Hi Team,
A customer has a requirement, where they wanted to block the internet for Remote access VPN users when they are connected, to achieve that I have configured desktop policy and their requirement is fulfilled but now they have the same requirement for all mobile users using the capsule.
Is it possible to do so, or do we have any alternate option to fulfil this requirement?
 
 
 
 

 

0 Kudos
2 Solutions

Accepted Solutions
G_W_Albrecht
Legend
Legend
‎2022-04-27 02:43 AM

Jump to solution

This is possible using the Route All Traffic feature:

https://dl3.checkpoint.com/paid/5e/5ee546112df339d6bef37872e26c2434/CP_CapsuleVPNClient_AdminGuide.p...

CCSE CCTE SMB Specialist

View solution in original post

(1)
PhoneBoy
Admin
Admin
‎2022-04-28 05:59 AM
In response to naveda

Jump to solution

Harmony Mobile doesn't filter all Internet traffic, but it does block certain malicious traffic (phishing/bots).
And no, an MDM can't do that alone, but an MDM can be used to place restrictions on the device when it falls out of compliance and/or isn't secure according to Harmony Mobile.

Whether or not you "block" Internet when using Route All Traffic is a function of the specific access policy.

View solution in original post

7 Replies
G_W_Albrecht
Legend
Legend
‎2022-04-27 02:43 AM

Jump to solution

This is possible using the Route All Traffic feature:

https://dl3.checkpoint.com/paid/5e/5ee546112df339d6bef37872e26c2434/CP_CapsuleVPNClient_AdminGuide.p...

CCSE CCTE SMB Specialist
(1)
naveda
Employee
Employee
‎2022-04-28 01:19 AM
In response to G_W_Albrecht

Jump to solution

@GW_W_Albrecht, thank you for your response. I have checked the guide, it just shows the way to route all traffic to the gateway. I also want to know if I configure route all traffic to the gateway, wouldn't this way increase the overhead on the gateway, when all traffic from the client will be passed through the gateway.

 

If the customer will agree to do that, after enabling the feature, we can restrict the traffic in policy right?

Please clarify on this. Thanks!

0 Kudos
G_W_Albrecht
Legend
Legend
‎2022-04-28 02:26 AM
In response to naveda

Jump to solution

Of course the Route All Traffic feature will increase GW load ! As this feature only works while VPN is connected it also will only do TP for client traffic during that time. This was your customers request and he may have good reasons for it - i would prefer not to use the Route All Traffic feature, but also install the Harmony Mobile protect app on mobile devices. This gives safety anytime !

CCSE CCTE SMB Specialist
0 Kudos
naveda
Employee
Employee
‎2022-04-28 05:55 AM
In response to G_W_Albrecht

Jump to solution

By that means, with harmony mobile, we can achieve the requirement to restrict users to access the internet when VPN is connected or it is just to prevent malicious traffic to route through the gateway.

Also, I want to know if we can suggest them to go with any 3rd party MDM or achieve that requirement. 

Please confirm one more thing, if customer agrees to enable route all traffic through gateway feature, we can restrict particular user traffic by access policy but blocking destination as internet, right?

0 Kudos
PhoneBoy
Admin
Admin
‎2022-04-28 05:59 AM
In response to naveda

Jump to solution

Harmony Mobile doesn't filter all Internet traffic, but it does block certain malicious traffic (phishing/bots).
And no, an MDM can't do that alone, but an MDM can be used to place restrictions on the device when it falls out of compliance and/or isn't secure according to Harmony Mobile.

Whether or not you "block" Internet when using Route All Traffic is a function of the specific access policy.

naveda
Employee
Employee
‎2022-04-28 06:15 AM
In response to PhoneBoy

Jump to solution

Thanks @G_W_Albrecht and @PhoneBoy  I will try to do this in my lab and propose this option as route all traffic to the gateway to achieve their requirement. 

0 Kudos
G_W_Albrecht
Legend
Legend
‎2022-04-28 08:07 AM
In response to naveda

Jump to solution

No, as @PhoneBoy  wrote, harmony mobile protects mobile devices all the time. Complete internet traffic by connected clients using the Route All Traffic feature can be restricted and undergo TP on GW. Or disabled completely, of course...

CCSE CCTE SMB Specialist
0 Kudos