Heath_Mote
Copper

Centrally Managed Remote Access VPN with Embedded Gaia

Has anyone done this and wants to share their setup? We have MANY 1200Rs we are going to be deploying and want to do a remote access VPN that uses AD groups for access. Just any clues on remote access VPN with central management on embedded GAIA would be a start. We are at a loss on getting this set up.

0 Kudos
1 Solution

Accepted Solutions
Admin
Admin

Re: Centrally Managed Remote Access VPN with Embedded Gaia

The reason documentation is sparse specifically for the 1200R in this instance is that, when the 1200R is centrally managed, it's treated like any other Check Point gateway running R77.20 (with some limitations).

The one limitation relevant to this specific use case is that the Mobile Access Web Portal is not available on the 1200R (or any of the SMB appliances for that matter).

The general VPN documentation for R77.x, which covers Remote Access, is here: https://sc1.checkpoint.com/documents/R77/CP_R77_VPN_AdminGuide/html_frameset.htm 

For each 1200R you will need to have an encryption domain defined.

Each 1200R you want to access resources behind should have unique IP space behind it (not used behind other gateways).

Each 1200R would be added to the Remote Access VPN community.

Hope that's enough to get you started.
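
The requirement above, that each 1200R has a defined encryption domain whose IP space is not used behind any other gateway, can be checked across a large rollout before policy is installed. This is an added example, not part of the original post and not Check Point tooling; the gateway names and networks are constructed, and the inventory is assumed to have been transcribed by hand from the gateway objects.

```python
import ipaddress
from itertools import combinations

# Constructed sample inventory (assumption): gateway name -> networks
# listed in that gateway's encryption domain.
SAMPLE_DOMAINS = {
    "site-a-1200r": ["10.10.1.0/24", "10.10.2.0/24"],
    "site-b-1200r": ["10.20.0.0/16"],
    "site-c-1200r": ["10.10.2.128/25", "192.168.50.0/24"],
    "site-d-1200r": [],
}


def parse_domains(domains):
    """Parse CIDR strings; strict=True raises ValueError if host bits are set."""
    return {
        gw: [ipaddress.ip_network(cidr, strict=True) for cidr in cidrs]
        for gw, cidrs in domains.items()
    }


def find_overlaps(domains):
    """Return (gw_a, net_a, gw_b, net_b) for every network pair that
    overlaps between two different gateways, including partial overlaps."""
    parsed = parse_domains(domains)
    hits = []
    for (gw_a, nets_a), (gw_b, nets_b) in combinations(sorted(parsed.items()), 2):
        for a in nets_a:
            for b in nets_b:
                if a.version == b.version and a.overlaps(b):
                    hits.append((gw_a, str(a), gw_b, str(b)))
    return hits


def find_undefined(domains):
    """Return gateways that have no encryption domain defined at all."""
    return sorted(gw for gw, cidrs in domains.items() if not cidrs)


if __name__ == "__main__":
    for gw_a, net_a, gw_b, net_b in find_overlaps(SAMPLE_DOMAINS):
        print(f"OVERLAP: {gw_a} {net_a} <-> {gw_b} {net_b}")
    for gw in find_undefined(SAMPLE_DOMAINS):
        print(f"NO ENCRYPTION DOMAIN: {gw}")
```
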

5 Replies
Heath_Mote
Copper

Re: Centrally Managed Remote Access VPN with Embedded Gaia

Want to add that our environment is R77.30.

0 Kudos
Admin
Admin

Re: Centrally Managed Remote Access VPN with Embedded Gaia

Just to clarify the question: are you using the 1200Rs as Remote Access Clients to a central location or are you trying to access resources behind the 1200R with Remote Access Clients? More information about the type of configuration you're hoping to achieve will be helpful in providing you the right guidance.

0 Kudos
Heath_Mote
Copper

Re: Centrally Managed Remote Access VPN with Embedded Gaia

Thanks for the quick reply Dameon. We will be accessing devices/subnets on the LAN side of the 1200Rs and the 1200Rs will be edge devices to which we would like to terminate the remote access. I've looked through the documentation specifically for the 1200Rs and the VPN setup for a centrally managed embedded device is very sparse...

0 Kudos
Re: Centrally Managed Remote Access VPN with Embedded Gaia

Check sk118796 to see if you get the "kfunc not supported error". It helped me to get Remote Access working in a 1470.

Just configure a rule as you would for normal internal traffic and DO NOT add the Remote_Access community to it; just leave the community field blank.