I am working on a specific requirement with Endpoint security VPN E84.40 clients. I read the admin guide in order to enable SDL and location awareness (Global properties>Endpoint connect). It contains a group with our internal IP addresses.
SDL is enabled on the client. Now when these users connect over an external network the SDL pops up, which is good. But when the user comes into the office the client pops up to connect on VPN again; as I understand it, the client needs to recognize that the host is in an internal network and give a bypass on the VPN client.
I have a network with many locations linked by MPLS links, and this problem happens just in locations connected to my Datacenter by MPLS; when I connect directly on my LAN in my DataCenter it does not happen.
I raised a ticket with CP TAC and received the answer that it is necessary to be connected directly on the same network as my gateway, but it is not clear to me, because my locations are connected by MPLS but have access to the firewall directly.
Maybe there is a configuration missing in some point.
What settings are you using?
Hi PhoneBoy,
I have enabled the SDL on my client and configured "network location awareness" with my network range 10.0.0.0/8.
In the remote sites, is it connecting to the gateway via the internal interface or via the external interface?
Hi PhoneBoy,
In remote sites, we have an MPLS connecting with my DataCenter; in this case we are connecting with the internal interface, but I don't have a specific configuration for that. On my client, I just configure my external IP when creating a profile.
The only configuration that I have to inform what is my internal LAN is on "location awareness".
Have you confirmed traffic to the gateway's external IP is in fact traversing the MPLS?
Yes, in this case the client can't reach the gateway's external IP, and that is correct because it is on my LAN. In my mind, the client, when connected to the VPN for the first time, needs to receive the topology and the information about my internal range and, based on this information, not request to connect when it receives an IP from my internal range.