This website uses Cookies. Click Accept to agree to our website's cookie use as described in our Privacy Policy. Click Preferences to customize your cookie settings.
Accept
Reject
Preferences
ABOUT CHECKMATES CYBER SECURITY COMMUNITY & FAQ
Create a Post
Help
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

Are you a member of CheckMates?

×
Sign in with your Check Point UserCenter/PartnerMap account to access more great content and get a chance to win some Apple AirPods! If you don't have an account, create one now for free!
Karan0587
Explorer
‎2021-06-16 04:45 PM

Remote Access Link Selection - Staticaly Nated IP

Hi,

Need suggestion on below

The customer has bought a range of IP Addresses from ISP, he wants to use one of the IP Addresses for checkpoint remote access VPN.

I believe we can use that IP Address in Statically Nat IP in link selection ( attached image).

Can anybody suggest what configuration is required from a policy perspective?

 

 

Regards

Karan

Preview file
23 KB
0 Kudos
4 Replies
PhoneBoy
Admin
Admin
‎2021-06-20 05:48 PM

Beyond this configuration in Link Selection, you should not need to do anything unusual to accept the traffic.
It will be allowed by implied rules.

0 Kudos
Karan0587
Explorer
‎2021-06-20 06:31 PM
In response to PhoneBoy

Thanks for the reply, 

i thought so as well, but does not connect and goes through the clean up rule.

I have to create access policy rule to allo vpn for that IP  isn't ?

0 Kudos
the_rock
Legend
Legend
‎2021-06-20 06:34 PM
In response to Karan0587

Not necessarily that IP, but object itself. So, you can make bi-directional rule for subnets involved (local and remote) and then under vpn column, just select that community, services you need and accept. If traffic fails on clean up rule, there is no any doubt that rule does not exist in the policy to allow it. Unless, the exception could be if you have layers, then it could be catching parent layered rule and then being dropped on explicit layer clean up rule, rather than implicit one, which would always be last rule in the rulebase.

0 Kudos
the_rock
Legend
Legend
‎2021-06-20 06:00 PM

As phoneboy said, config is fine, but as far as policy, just make sure that VPN traffic is allowed as usual, but other than that, you should be good to go.

0 Kudos

Leaderboard

Epsum factorial non deposit quid pro quo hic escorol.

View All ≫
Upcoming Events

    Sort by:
    CheckMates Events