This website uses Cookies. Click Accept to agree to our website's cookie use as described in our Privacy Policy. Click Preferences to customize your cookie settings.
Accept
Reject
Preferences
ABOUT CHECKMATES CYBER SECURITY COMMUNITY & FAQ
Create a Post
Help
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

Are you a member of CheckMates?

×
Sign in with your Check Point UserCenter/PartnerMap account to access more great content and get a chance to win some Apple AirPods! If you don't have an account, create one now for free!
ALamers
Explorer
‎2021-12-07 03:24 AM

customer want 2 different access per IP for the remote access VPN

Hello

 

Maybe someone have experience with the problem, the same user should have access to different resources behind the firewall based on the VPN remote connection IP, so the user should be able to connect to one public IP on the firewall and have access to one part of the environment and when he connects to another public IP he get access to another part of the environment based on the IP that is assigned to the user, the user should use the same credentials to the authorized.

 

 

(The other issue is that the users may need access to both VPNs, and if they are using the same AD account I cannot see any way of differentiating the two connection other that a different public IP!)

 

I am not even sure that Checkpoint is able to do so, other firewalls are able.

 

Kind regards

 

Andreas

 

 

0 Kudos
1 Reply
RS_Daniel
Advisor
‎2021-12-07 07:12 AM

Hello,

AFAIK it is not possible to assign different permission to users based on the external interface they connect to. We did this with some customer but using two different gateways, each one with its own office mode pool, so the same user would get a different office mode IP depending on which gateway he connects to and creating rules based on IP's and not on access roles, in this case you we needed to assign IP's statically to each user (sk33422).

If gateways are in different sites, you would need to route the vpn client traffic between them to make the resources be available from both gateways. HTH.

Regards

0 Kudos

Leaderboard

Epsum factorial non deposit quid pro quo hic escorol.

View All ≫
Upcoming Events

    Sort by:
    CheckMates Events