This website uses Cookies. Click Accept to agree to our website's cookie use as described in our Privacy Policy. Click Preferences to customize your cookie settings.
Accept
Reject
Preferences
ABOUT CHECKMATES CYBER SECURITY COMMUNITY & FAQ
Create a Post
Help
cancel
Turn on suggestions
Showing results for 
Search instead for 
Did you mean: 

Are you a member of CheckMates?

×
Sign in with your Check Point UserCenter/PartnerMap account to access more great content and get a chance to win some Apple AirPods! If you don't have an account, create one now for free!
Thorsten_Kowalc
Explorer
‎2018-10-29 07:01 AM

SecuRemote with IP Pool NAT

Hi Folks, I'm sitting here and the old #SecuRemote with R80.10 driving me crazy. I have configured IP Pool NAT in my R80.10 Cluster. 

In 77.30 this was working properly. Since R80.10 it is not working any longer and I get IP's from a DHCP Server somewhere in the wild from my net. Do you have any ideas? How to get my IP Pool back? 

Just for info, we just using the free SecuRemote licences. 

Regards

8 Replies
PhoneBoy
Admin
Admin
‎2018-11-03 12:20 AM

Office Mode is not supported with the SecuRemote client.

The fact it worked in R77.30 could be considered a bug.

0 Kudos
Matthias_Haas
Advisor
‎2018-12-20 04:16 AM

Hi Thorsten,

I guess it is no longer relevant, but your screenshot does not show the IP Pool-NAT settings, should be this Tab :

I have tested it with R80 a while ago and it was still working

Matthias

0 Kudos
I_Santos
Contributor
‎2021-11-19 10:00 AM

I know it has been a long time since this post last update, but I'm facing the same situation. I can't use the IP Pool NAT, even when I've set the network at the right location (image below). It is really like there is a DHCP server somewhere providing addresses that even are configured on the firewalls. 

Someone knows how to implement this feature with SecuRemote?

OBS: I have read the article from @PhoneBoy about the use with SecuRemote (Quick Primer on How to Configure your Gateway for SecuRemote) but I think I'm missing something.

 

I_Santos_0-1637344453768.png

 

0 Kudos
PhoneBoy
Admin
Admin
‎2021-11-19 10:15 AM
In response to I_Santos

DHCP implies Office Mode, which SecuRemote does not provide.
That means DHCP is irrelevant, you can only use IP Pool NAT.
Each client will have something like a 192.168.0.1 assigned to it on the client itself.

0 Kudos
I_Santos
Contributor
‎2021-11-19 10:49 AM
In response to PhoneBoy

Thanks for replying @PhoneBoy.

In my case, the SecuRemote client is getting a 10.8.220.0/24 network, which is not part of the topology, but I have one network object with this range. I can see new routes from the gateway VPN domain, and the output of "route print" points this routes to an IP of 10.8.220.0/24 range. 

Can I state that if I am using SecuRemote I need to see the IP Pool NAT address range at the client?

0 Kudos
PhoneBoy
Admin
Admin
‎2021-11-19 11:12 AM
In response to I_Santos

Some IP address must be assigned to the client in order to route traffic for the relevant subnets through the Remote Access VPN interface.
In the case of Office Mode, we use the IP address assigned as part of that process.
For SecuRemote, we choose a subnet that doesn't conflict (it varies), and it probably won't be the subnet configured for IP Pool NAT.

0 Kudos
I_Santos
Contributor
‎2021-11-19 11:25 AM
In response to PhoneBoy

For SecuRemote, we choose a subnet that doesn't conflict (it varies), and it probably won't be the subnet configured for IP Pool NAT.

So, can I assume that it is not user defined?

Sorry to stick on this, but I'm struggling to configure firewall rules and access from SecuRemote traffic. Can you give an example of how can I point my rules and routes to manage the SecuRemote incoming traffic?

0 Kudos
PhoneBoy
Admin
Admin
‎2021-11-19 04:30 PM
In response to I_Santos

Incoming from what: the SecuRemote client?
The primer you linked to previously should cover that.

Incoming traffic to the SecuRemote clients aren't supported.
That requires Office Mode, which is not supported with SecuRemote.

0 Kudos

Leaderboard

Epsum factorial non deposit quid pro quo hic escorol.

View All ≫
Upcoming Events

    Sort by:
    CheckMates Events
    Top