shawmcbigdis
Explorer

restricted VPN for Vendor account

I'm trying to create a way for a vendor to VPN in and RDP only to the specific machine they need, but I can't seem to find a way. I saw this thread and followed what it says:

https://community.checkpoint.com/t5/Remote-Access-VPN/VPN-Limit-specific-vendors-to-specific-IPs-on-...

But it just lets the user connect via the VPN client, but then they can't get anywhere. I got the same results when I tried to create it using a CP Local user.

I currently have the rule set up to allow access to the whole network that the machine is on, and all protocols, but still nothing.

I am fairly new to Check Point, and admittedly do not fully understand the VPN functions yet, so I am sure I am missing something, just not sure what.

0 Kudos
3 Replies
PhoneBoy
Admin

Screenshots of precisely what you configured would be helpful.
If you’re using Access Roles as mentioned in that thread, make sure Identity Awareness is configured AND Remote Access is an identity source in the gateway object (it’s not enabled by default).

0 Kudos
shawmcbigdis
Explorer

policy2.PNG

The top policy is our existing user VPN; the bottom is the one I am trying to set up for the vendor.

0 Kudos
PhoneBoy
Admin

The next needed screenshots (with sensitive data redacted) would be:

  1. How the Access Role is defined
  2. What the logs look like when the vendor attempts access
0 Kudos
