This website uses Cookies. Click Accept to agree to our website's cookie use as described in our Privacy Policy. Click Preferences to customize your cookie settings.
Accept
Reject
Preferences
ABOUT CHECKMATES CYBER SECURITY COMMUNITY & FAQ
Create a Post
Help
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

Are you a member of CheckMates?

×
Sign in with your Check Point UserCenter/PartnerMap account to access more great content and get a chance to win some Apple AirPods! If you don't have an account, create one now for free!
LazarusG
Collaborator
Collaborator
‎2025-05-01 06:35 AM

how to have split tunnel RAS on an 1800 with one URL accessed via the firewall

The requirement is;

1) home users break out locally for internet

2) they access LAN resources using office mode RAS

3) one URL needs to be access from the public ip of the firewall.

4) it an 1800SMB

I assumed that if we could add a host entry to the endpoint we could make it resolve to an IP in our encdom then potentially use a nat rule with an fqdn in the destination (sk167194) to forward it on.

I wondered also about using a Secureremote DNS object, but dont think the 1800 likes that.

I wonder if I'm over thinking or just missing a better way of doing this (if its possible at all).

Thanks.

#edit#

i forgot to say its centrally managed via smart-1 cloud

 

0 Kudos
5 Replies
the_rock
Legend
Legend
‎2025-05-01 07:49 AM

Not sure if what I posted below would be relevant here...

Andy

https://community.checkpoint.com/t5/Remote-Access-VPN/Domain-objects-in-remote-access-vpn-domain/m-p...

0 Kudos
LazarusG
Collaborator
Collaborator
‎2025-05-01 09:33 AM
In response to the_rock

that looks interesting - thank you.

(1)
the_rock
Legend
Legend
‎2025-05-01 09:35 AM
In response to LazarusG

No worries. I know wording is little convoluted, since it HAS TO start with exclusions_ and then you can add whatever else to it, but it does work.

Keep in mind, it ONLY applies on split tunnel, not full.

Andy

0 Kudos
LazarusG
Collaborator
Collaborator
‎2025-05-02 02:52 AM
In response to the_rock

Ah thanks - looks like its also in sk167000?

I think this is the opposite of what I am trying to do - this seems to allow the client to break out locally for defined services.

What I need is for one URL to go up the tunnel so its accessed from the gateway.

Appreciate the response though: thanks.

0 Kudos
the_rock
Legend
Legend
‎2025-05-02 04:09 AM
In response to LazarusG

Ah, kk...Isee. In that case it might not be supported, sorry.

Andy

0 Kudos

Leaderboard

Epsum factorial non deposit quid pro quo hic escorol.

View All ≫
Upcoming Events

    Sort by:
    CheckMates Events