This website uses cookies. By clicking OK, you consent to the use of cookies. Click Here to learn more about how we use cookies.
OK
ABOUT CHECKMATES & FAQ
Create a Post
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Help
peter_schumache
Collaborator
‎2020-02-06 01:49 AM

Secure user access to out of band firewall

We have a 1550 firewall in front of some out of band switches. We want a secure access to these OOB equipment in case of a disater. Mobile access blade is NOT supported by the 1550 models, just the IPSec VPN.

What szenarios would be possible here? I'm considering the following:

  • Site-to-Site VPN to the azure cloud, which holds a jump host accessible from the Internet
  • Access rule for ssh and/or https with user authentication (2 factor)
  • Some Windows 10 client which requires no mobile access license

 

0 Kudos
Reply
9 Replies
PhoneBoy
Admin
Admin
‎2020-02-07 01:20 AM

You can still use the SNX client with the 1550, just not the MAB portal.
0 Kudos
Reply
peter_schumache
Collaborator
‎2020-02-12 08:02 AM
In response to PhoneBoy

When I'm trying to connect from my Windows Client to the Gateway using https://<external-ip-of-gwy>/sslvpn

I get the following error: ERR_EMPTY_RESPONSE

 

What did I miss / Can I check else?

0 Kudos
Reply
peter_schumache
Collaborator
‎2020-02-25 02:48 AM
In response to PhoneBoy

How exactly would I use/configure the SNX on the 1550?

0 Kudos
Reply
PhoneBoy
Admin
Admin
‎2020-02-25 08:01 AM
In response to peter_schumache

To enable SNX, go to VPN > Remote Access > Blade Control.
Make sure SSL VPN is checked and click Apply.
If you click the "How to connect" link, you will be pointed to access https://external-ip:4433
This will bring you to a web page where you can download the SNX client.
0 Kudos
Reply
peter_schumache
Collaborator
‎2020-02-25 08:58 AM
In response to PhoneBoy

I've trouble finding the VPN> Remote Access > Blade Control > SSL VPN setting.
Where is it? On the VPN Gateway or in global properties? Or somewhere else?
0 Kudos
Reply
PhoneBoy
Admin
Admin
‎2020-02-25 10:38 AM
In response to peter_schumache

On the WebUI of the 1550.
I initially checked on my 750, but confirmed this should also exist on the 1550 as well.
0 Kudos
Reply
peter_schumache
Collaborator
‎2020-02-25 10:51 PM
In response to PhoneBoy

Since the 1550 is centrally managed, the above options don't work.
From the Security Dashboard in teh WebUI, I can see all possible blades, but I can't modify any of the settings
0 Kudos
Reply
G_W_Albrecht
Champion
Champion
‎2020-02-25 11:59 PM
In response to peter_schumache

So please configure it in Dashboard 😎...

0 Kudos
Reply
PhoneBoy
Admin
Admin
‎2020-02-26 10:36 AM
In response to peter_schumache

For a centrally managed SMB appliance, you would enable access for Check Point Mobile/SNX as part of the Remote Access configuration.
I believe the portal I referred you to (e.g. https://external-ip:4433) will still be how the clients download the SNX client.
0 Kudos
Reply