This website uses Cookies. Click Accept to agree to our website's cookie use as described in our Privacy Policy. Click Preferences to customize your cookie settings.
Accept
Reject
Preferences
ABOUT CHECKMATES CYBER SECURITY COMMUNITY & FAQ
Create a Post
Help
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

Are you a member of CheckMates?

×
Sign in with your Check Point UserCenter/PartnerMap account to access more great content and get a chance to win some Apple AirPods! If you don't have an account, create one now for free!
mcguppy
Participant
‎2022-07-14 02:41 AM

two VPN connections with the same client

Is it possible to connect a VPN within a VPN with the checkpoint "Check Point Mobile" client?

The problem is as follows: Today to get to the company network, we are using WatchGuard VPN. As soon as I am connected there, I have to open another VPN with the product of Palo Alto to get to the target environment. This is working without problems.

We have decided to replace both firewalls with checkpoint firewalls. Like this, I have to do all with the same client (not with two different products like today).

Is this possible with "Check Point Mobile" client at all?

 

Thanks for helping me.

0 Kudos
3 Replies
_Val_
Admin
Admin
‎2022-07-14 04:59 AM

If you want to connect to two separate VPN GWs from the same client at the same time, it is not possible. Event in your current setup, you are using two different clients to open two tunnels.

However, you can do VPN routing that would allow you to connect to the target environment through S2S VPN tunnel between two sites.

What I am saying is, that you connect with your RAS VPN client to GW A and need to reach a server that belongs to GW B VPN domain. This is possible if there is a site-to-site tunnel between GW A and GW B.

 

 

0 Kudos
mcguppy
Participant
‎2022-07-14 05:18 AM
In response to _Val_

Hello Admin

Thank you very much for your help.

The solution for the S2S would work as long as we have only one target environment or if we have different subnets in the different target environments. But we will have multiple target environments (different GW B) always using the same subnets, and so it can't be handled with routing on GW A.

But we will find a solution, either via the VDI environment in the corporate network which is then used as a jumphost where we again use the checkpoint VPN client to connect to the different GW B's or by placing another VPN product in the target environment behind the second checkpoint that terminates the VPN (e.g. openVPN).

I just wanted to make sure it really wasn't possible before designing a workaround, and with your answer it's clear now. 

Thank you very much.

0 Kudos
_Val_
Admin
Admin
‎2022-07-14 05:51 AM
In response to mcguppy

No problem

0 Kudos

Leaderboard

Epsum factorial non deposit quid pro quo hic escorol.

View All ≫
Upcoming Events

    CheckMates Events