Solved: Remote access client and local resource

lucag74 · ‎2021-10-07

Scenario

Notebook With client Endpoint Security --> Checkpoint Quantum Spark 1530 Appliance

Notebook connect to Checkpoint all fine, he can see the entire LAN network, i used office mode. All fine.

What i need is a bidirectional comunication. Pc on lan network to have access to one port listening on notebook.

It's possible ?

Thank's

G_W_Albrecht · ‎2021-10-08

You need to additionally enable Back Connections in Advanced Settings:

CCSP - CCSE / CCTE / CTPS / CCME / CCSM Elite / SMB Specialist

View solution in original post

PhoneBoy · ‎2021-10-10

For a centrally managed SMB appliance (or for non-SMB appliances), this is the correct setting in Global Properties to allow connections initiated from the LAN to Remote Access VPN clients:

View solution in original post

_Val_ · ‎2021-10-07

You can pit Office Mode IP for a specific user, and then yes, you can do what you need

lucag74 · ‎2021-10-07

OK i put in office mode, i edited file ipassignement.conf and when i connect i receive correct ip address. Do i need to make something other because still not working.

Sorry for newbie question i'm following the user manual.

G_W_Albrecht · ‎2021-10-08

You need to additionally enable Back Connections in Advanced Settings:

CCSP - CCSE / CCTE / CTPS / CCME / CCSM Elite / SMB Specialist

lucag74 · ‎2021-10-08

Hi, first thank for your answer.

Yes i had already create outgoing roule, i attach screenshot. I tried also with Any instead of Lan Networks.

However i don't rebooted checkpoint after put new ipaggnignement,conf

All work fine user always receive the same ip.

Maybe something wrong on file ?

I had put

##############################################################################################
### Gateway Type IP Address User Name ###
### ============= ===== ======================================== =======================###
##############################################################################################
*, 172.16.10.5, tamponi

lucag74 · ‎2021-10-08

Thank's i tred to activate but nothing.

1) Office per mode use ok

2) Outgoing roule plicy to allow lan to vpn remote access.

3) Enabled back conneccion

i try to enable anti-spoofing on vpn remote access but nothing.

AndréTinoco · ‎2021-10-08

Can you share the policy rule you've created?

lucag74 · ‎2021-10-08

Sure, in attachment all my config

Policy Object

Ipassignmenet.conf

Connetion back

and Office mode

all in form of screenshot.

Sure i'm missing something !

AndréTinoco · ‎2021-10-08

Ok.

In the policy, instead of using the Remote Access object, try to use the Office Mode IP/Network.

lucag74 · ‎2021-10-08

OK i solved the issue. My configuration work like screenshot.

I don't know why i can't ping my remote notebook also if windows firewall it's down but for example i can access the shared folder.

The real missing puzzle for me it's what you suggest me and i report like solutions, the allow back connection.

AndréTinoco · ‎2021-10-08

The Remote Access object could not be mapping the network correctly, but I'm glad you've worked it out.

G_W_Albrecht · ‎2021-10-08

Can we move this to Quantum Spark ?

CCSP - CCSE / CCTE / CTPS / CCME / CCSM Elite / SMB Specialist

_Val_ · ‎2021-10-08

Why?

PhoneBoy · ‎2021-10-08

If this were posted somewhere else, that's probably where I'd move it.
However, this deals with both topics, so I'm inclined to leave it where it is. 🙂

PhoneBoy · ‎2021-10-10

For a centrally managed SMB appliance (or for non-SMB appliances), this is the correct setting in Global Properties to allow connections initiated from the LAN to Remote Access VPN clients:

Are you a member of CheckMates?

Remote access client and local resource