peter_schumache
Collaborator

Secure user access to out of band firewall

We have a 1550 firewall in front of some out of band switches. We want secure access to this OOB equipment in case of a disaster. Mobile access blade is NOT supported by the 1550 models, just the IPSec VPN.

What scenarios would be possible here? I'm considering the following:

  • Site-to-Site VPN to the Azure cloud, which holds a jump host accessible from the Internet
  • Access rule for ssh and/or https with user authentication (2 factor)
  • Some Windows 10 client which requires no mobile access license

 

0 Kudos
9 Replies
PhoneBoy
Admin

You can still use the SNX client with the 1550, just not the MAB portal.
0 Kudos
peter_schumache
Collaborator

When I'm trying to connect from my Windows Client to the Gateway using https://<external-ip-of-gwy>/sslvpn

I get the following error: ERR_EMPTY_RESPONSE

 

What did I miss / What else can I check?

0 Kudos
peter_schumache
Collaborator

How exactly would I use/configure the SNX on the 1550?

0 Kudos
PhoneBoy
Admin

To enable SNX, go to VPN > Remote Access > Blade Control.
Make sure SSL VPN is checked and click Apply.
If you click the "How to connect" link, you will be pointed to access https://external-ip:4433
This will bring you to a web page where you can download the SNX client.
0 Kudos
peter_schumache
Collaborator

I'm having trouble finding the VPN > Remote Access > Blade Control > SSL VPN setting.
Where is it? On the VPN Gateway or in global properties? Or somewhere else?
0 Kudos
PhoneBoy
Admin

On the WebUI of the 1550.
I initially checked on my 750, but confirmed this should also exist on the 1550 as well.
0 Kudos
peter_schumache
Collaborator

Since the 1550 is centrally managed, the above options don't work.
From the Security Dashboard in the WebUI, I can see all possible blades, but I can't modify any of the settings.
0 Kudos
G_W_Albrecht
Legend

So please configure it in Dashboard 😎...

CCSP - CCSE / CCTE / CTPS / CCME / CCSM Elite / SMB Specialist
0 Kudos
PhoneBoy
Admin

For a centrally managed SMB appliance, you would enable access for Check Point Mobile/SNX as part of the Remote Access configuration.
I believe the portal I referred you to (e.g. https://external-ip:4433) will still be how the clients download the SNX client.
0 Kudos
