This website uses Cookies. Click Accept to agree to our website's cookie use as described in our Privacy Policy. Click Preferences to customize your cookie settings.
Accept
Reject
Preferences
ABOUT CHECKMATES & FAQ
Create a Post
Help
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

Are you a member of CheckMates?

×
Sign in with your Check Point UserCenter/PartnerMap account to access more great content and get a chance to win some Apple AirPods! If you don't have an account, create one now for free!
tropicanaslim
Contributor
‎2024-02-05 05:29 AM

Split Policy for Internal Users and Contractors - VPN

Hello Checkpoint Checkmates,

I got some queries from customer regarding how CP best practice for splitting policy for internal users and contractors.

Any possibility with single office mode IP to split the segment for internal users[AD integration] and contractors[local database]? So i can create 2 VPN policies based on the segment IP.

What is the best practice from CP for split policy from AD Users and Local Database? I think this is possible, but i lack of knowledge about this. 

Suggestion or input are welcome 🙂 Thankyou

0 Kudos
5 Replies
Lesley
Advisor
‎2024-02-05 10:09 AM

Instead making rules based on IP I would make then the rules based on AD group and or local group. Blade Identity Awareness would help then.

I assume you do not have Endpoint? Then you could do stuff with desktop security. 

-------
If you like this post please give a thumbs up(kudo)! 🙂
tropicanaslim
Contributor
‎2024-02-05 06:50 PM
In response to Lesley

Yes, we have Endpoint solution use harmony endpoint. Any suggestion to combine VPN and endpoint agent based on these request?

0 Kudos
the_rock
Legend
Legend
‎2024-02-05 10:13 AM

@Lesley hit the nail on the head, as they say. Put it this way, identity awareness blade is "golden" in such cases, because it will ALWAYS follow the user, regardless where they log in. If you dont have that enabled, good luck "chasing" the user.

Best,

Andy

tropicanaslim
Contributor
‎2024-02-05 06:51 PM
In response to the_rock

thanks @the_rock let me check for this feature and possibility in the customer env.

0 Kudos
the_rock
Legend
Legend
‎2024-02-05 07:02 PM
In response to tropicanaslim

I really think it would help you.

Andy

0 Kudos

Leaderboard

Epsum factorial non deposit quid pro quo hic escorol.

View All ≫
Upcoming Events

    CheckMates Events