Wolfgang
Authority

temporary disable remote access

For a migration test we are looking for a way to quickly and temporarily disable remote access on a gateway and re-enable it as fast as possible.

We are using the Endpoint VPN client only to connect to the gateway, no SNX. 

Blocking access to the gateway for NAT-T and HTTPS with a firewall in front of the gateway does work. But we have some site2site VPNs using NAT-T and they are blocked, which we do not want.

Removing the gateway from the remote access community is a solution, but this has too much impact on the configuration, which we don't want.

Are there any other ways to disable or block remote access temporarily, or anything else like stopping a service?

 

0 Kudos
4 Replies
G_W_Albrecht
Legend

I do not think so - looking through https://support.checkpoint.com/results/sk/sk97638 all possibilities to stop processes for RA VPN will also affect S2S VPN...

CCSP - CCSE / CCTE / CTPS / CCME / CCSM Elite / SMB Specialist
0 Kudos
Alex-
Leader

You could add a top layer with the office mode network allowed by default and blocked when you need it, followed by any/any/accept to your main layer.

0 Kudos
PhoneBoy
Admin

HTTPS isn't needed for S2S VPN so it can be safely blocked.
If you have remote VPN peers with fixed IPs, you can block NAT-T from other hosts (temporarily) to effectively "disable" Remote Access using fwaccel dos commands.

0 Kudos
Wolfgang
Authority

Just to inform... blocking HTTPS from any to our RemoteAccess gateway via the firewall gateway in front does the job. No need to block NAT-T.

0 Kudos
