This website uses Cookies. Click Accept to agree to our website's cookie use as described in our Privacy Policy. Click Preferences to customize your cookie settings.
Accept
Reject
Preferences
ABOUT CHECKMATES CYBER SECURITY COMMUNITY & FAQ
Create a Post
Help
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

Are you a member of CheckMates?

×
Sign in with your Check Point UserCenter/PartnerMap account to access more great content and get a chance to win some Apple AirPods! If you don't have an account, create one now for free!
Gaurav_Pandya
MVP
MVP
‎2018-01-03 03:30 AM
Jump to solution

Mobile Access Default Route

Hi All,

I am implementing Mobile access blade for one of the customer. All the features like, LDAP integration, Compliance check for endpoint security has been done successfully.

Now the requirement is that when user connects to Mobile access SSL VPN, he must use corporate Internet, means all routes gateway should be Corporate firewall and split tunneling feature should be disabled.

I have followed sk31873 and configured GUIDBedit from "route_all_client_traffic_to_connectra" = True

Now I am getting all the routes and also security policy is in place for Office_Pool but still I am unable to browse internet.

In tracker, I am getting below error.

Need expert advise. 

1 Solution

Accepted Solutions
Gaurav_Pandya
MVP
MVP
‎2018-01-10 07:35 AM
Jump to solution

Hi All,

Finally Issue is resolved by creating new Native application with "Internet Ranges" and apply to Mobile access Rule.

  1. Select 'Applications > Native Applications'.
  2. Click 'New'. Select 'Authorized Locations'.
  3. Click 'Address Range' and type in the range "0.0.0.1 - 255.255.255.254". Click 'Save'.

View solution in original post

5 Replies
PhoneBoy
Admin
Admin
‎2018-01-04 07:47 AM
Jump to solution

Have you followed the advice in this SK? 

"Encryption Failure: according to the policy the packet should not have been decrypted" log in Smart... 

Gaurav_Pandya
MVP
MVP
‎2018-01-04 08:15 AM
In response to PhoneBoy
Jump to solution

Hi,

This article is more related to IPsec VPN. I am using Mobile access SSL VPN.

I have also checked that the Office mode IP (Office_pool) is not part of encryption domain.

Gaurav_Pandya
MVP
MVP
‎2018-01-10 07:35 AM
Jump to solution

Hi All,

Finally Issue is resolved by creating new Native application with "Internet Ranges" and apply to Mobile access Rule.

  1. Select 'Applications > Native Applications'.
  2. Click 'New'. Select 'Authorized Locations'.
  3. Click 'Address Range' and type in the range "0.0.0.1 - 255.255.255.254". Click 'Save'.
Jerry
Mentor
Mentor
‎2019-05-23 07:43 AM
In response to Gaurav_Pandya
Jump to solution

now under R80.30 I've got similar issue

my MAB was working like a charm till ... R80.30 upgrade

my MAB Apps are just few plus Internet (done via Native 0.0.0.1-255.255.255.245) also in place

however, I do have an issue with only one little thing (all things works like a charm and I have not a single reason to complain) except ...

 

my IMAPS does not work with GMail.google.com when connected via EPS for Windows (E.80.96-E81.00).

 

just IMAPS with GMail does not work (native MS Outlook client) - all the rest works ie. Exchange Server to O365 etc.

 

my complete package contains all communication channels VIA MAB so all-gateway-mode not a SPLIT-TUNNEL, however all seems to be working just fine except ... GMail IMAPS (tcp).

just so you know I've made an exception no IPS/ThreatPrevention in order to facilitate src/dst with IMAPS ports.

still no go

 

I was just wondering whether any of you guys experienced such thing or ... would rather not use MAB for both (LAN/WAN) at the same time? 😛

 

thanks in advance for all your hints

 

ps. what do you think mate @PhoneBoy & @_Val_ ?

Jerry
0 Kudos
Jerry
Mentor
Mentor
‎2019-05-23 07:52 AM
In response to Jerry
Jump to solution

sorry guys, my bad, please remove my previous post 😞 shame but I found a reason not related to CP but bloody Win10 Firewall ... 

Jerry
0 Kudos

Leaderboard

Epsum factorial non deposit quid pro quo hic escorol.

View All ≫
Upcoming Events

    CheckMates Events