Hi All,
I'm a newbie to Checkpoint. I have a query regarding the remote access VPN using local user created on Checkpoint and I hope somebody can help me since this is pretty straightforward with other vendors.
We have 2x 5000 Checkpoint appliances running in an Active/Passive scenario. We have integrated AD with our Checkpoint and we already have Client-to-Site VPN running smoothly for the users in AD.
We have a new requirement to allow 3rd party users (3 users) to access our internal resources via RA VPN. These users are external and we don't have them in our AD.
The configuration steps done so far are:
1) Configured a new local user-group in Checkpoint
2) Configured 3 new local users and added them to the local user-group in Step 1
3) Added the local user-group created in Step 1 to the RA VPN community under Participant User groups
The requirement is to allow these three 3rd party users to access different internal resources via RA VPN. For example, user1 wants to access Server01, user2 wants to access Server02 and user3 wants to access Server03.
In order to satisfy the above requirement, I configured an access role but I'm unable to attach this access role with individual local users created on the Checkpoint. I'm only able to attach it with the local user-group and not the individual users themselves. Please find the attached image.
The problem is that I can create access roles for local-user groups only and not individual local-users and hence, the firewall rules can only be created based on the local-user group. For now, even though we have 3 firewall rules created, all traffic is going through the top rule only since the access-role object contains the local-user group details only.
As far as I know, we use access roles in Checkpoint to create the firewall rules. Also, I found we can add a local group to the firewall rules by adding the legacy user-access option.
May I please know if there is any other way we could add individual local users created on Checkpoint to the firewall rules? I believe I'm missing something here.
Can somebody help me to resolve this?
One more query: besides Checkpoint Capsule, is there any way we could connect iOS/Android devices to Checkpoint RA VPN?
Thank you in advance 🙂