This website uses cookies. By clicking Accept, you consent to the use of cookies. Click Here to learn more about how we use cookies.
Accept
Reject
ABOUT CHECKMATES & FAQ
Create a Post
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Help

Are you a member of CheckMates?

×
Sign in with your Check Point UserCenter/PartnerMap account to access more great content and get a chance to win some Apple AirPods! If you don't have an account, create one now for free!
Blason_R
Advisor
‎2021-04-05 07:53 PM

Restrict internet once logged in through RA or SNX

Hi Team,

Is there any way to restrict users internet once they logged on to RA vpn or SNX? I know one way is route the entire internet traffic through firewall and no nat rule for Office mode or force fake proxy entry to browsers so that they wont be able to browse the internet.

However it seems those are global settings and I am looking if this can be done for certain users?

0 Kudos
4 Replies
PhoneBoy
Admin
Admin
‎2021-04-05 08:20 PM

As those are global settings, you can't make them apply to specific users: it's all or nothing.
However, a Desktop Policy (using Endpoint Security VPN or Harmony Endpoint) can block browsing to the Internet on the client without having to route all traffic. 

0 Kudos
Blason_R
Advisor
‎2021-04-05 08:31 PM
In response to PhoneBoy

Thanks for the reply - In this case I would need separate EPM server? or Desktop security policy option checked?

0 Kudos
PhoneBoy
Admin
Admin
‎2021-04-05 08:44 PM
In response to Blason_R

Either option should work (depends on if you use EPM or not).

0 Kudos
the_rock
Champion
Champion
‎2021-04-06 06:38 AM
In response to Blason_R

I think you could use desktop policy, for sure. But, why not just create RA groups and then set up regular policy rules to restrict access?

Just a thought..

0 Kudos