Heath_Mote
Collaborator

Centrally Managed Remote Access VPN with Embedded Gaia

Has anyone done this and wants to share their setup? We have MANY 1200Rs we are going to be deploying and want to do a remote access VPN that uses AD groups for access. Just any clues on remote access VPN with central management on embedded GAIA would be a start. We are at a loss on getting this set up.


Accepted Solutions
PhoneBoy
Admin

The reason documentation is sparse specifically for the 1200R in this instance is that, when the 1200R is centrally managed, it's treated like any other Check Point gateway running R77.20 (with some limitations).

The one limitation relevant to this specific use case is that the Mobile Access Web Portal is not available on the 1200R (or any of the SMB appliances for that matter).

The general VPN documentation for R77.x, which covers Remote Access, is here: https://sc1.checkpoint.com/documents/R77/CP_R77_VPN_AdminGuide/html_frameset.htm 

For each 1200R you will need to have an encryption domain defined.

Each 1200R you want to access resources behind should have unique IP space behind it (not used behind other gateways).

Each 1200R would be added to the Remote Access VPN community.

Hope that's enough to get you started.
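A planning check for the unique-IP-space requirement in the answer above, as an added example that is not part of the original post and not Check Point tooling. The gateway names and subnets are constructed placeholders; it flags any network that would sit in the encryption domain of more than one gateway before the objects are defined in management.

```python
import ipaddress
from itertools import combinations

# Constructed sample plan (hypothetical names and subnets, not from the thread):
# gateway name -> networks intended for that gateway's encryption domain.
PLAN = {
    "site-a-1200r": ["10.10.1.0/24", "10.10.2.0/24"],
    "site-b-1200r": ["10.20.1.0/24"],
    "site-c-1200r": ["10.10.2.128/25", "10.30.0.0/16"],
}


def parse_plan(plan):
    """Parse every CIDR strictly so typos such as 10.1.1.5/24 are rejected."""
    entries = []
    for gateway in sorted(plan):
        for cidr in plan[gateway]:
            try:
                net = ipaddress.ip_network(cidr, strict=True)
            except ValueError as exc:
                raise ValueError(f"{gateway}: bad network {cidr!r}: {exc}") from exc
            entries.append((gateway, net))
    return entries


def find_overlaps(plan):
    """Return (gw_a, net_a, gw_b, net_b) for networks shared by different gateways."""
    conflicts = []
    for (gw_a, net_a), (gw_b, net_b) in combinations(parse_plan(plan), 2):
        if gw_a == gw_b or net_a.version != net_b.version:
            continue  # same gateway, or IPv4 vs IPv6: cannot conflict
        if net_a.overlaps(net_b):
            conflicts.append((gw_a, str(net_a), gw_b, str(net_b)))
    return conflicts


if __name__ == "__main__":
    found = find_overlaps(PLAN)
    for gw_a, net_a, gw_b, net_b in found:
        print(f"OVERLAP: {gw_a} {net_a} <-> {gw_b} {net_b}")
    if not found:
        print("No overlapping encryption domains in the plan.")
```
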

5 Replies
Heath_Mote
Collaborator

Want to add that our environment is R77.30.

PhoneBoy
Admin

Just to clarify the question: are you using the 1200Rs as Remote Access Clients to a central location or are you trying to access resources behind the 1200R with Remote Access Clients? More information about the type of configuration you're hoping to achieve will be helpful in providing you the right guidance.

Heath_Mote
Collaborator

Thanks for the quick reply Dameon. We will be accessing devices/subnets on the LAN side of the 1200Rs and the 1200Rs will be edge devices to which we would like to terminate the remote access. I've looked through the documentation specifically for the 1200Rs and the VPN setup for a centrally managed embedded device is very sparse...

Pedro_Espindola
Advisor

Check sk118796 to see if you get the "kfunc not supported error". It helped me to get Remote Access working in a 1470.

Just configure a rule as you would for normal internal traffic and DO NOT add the Remote_Access community to it, just leave community field blank.
