This website uses Cookies. Click Accept to agree to our website's cookie use as described in our Privacy Policy. Click Preferences to customize your cookie settings.
Accept
Reject
Preferences
ABOUT CHECKMATES CYBER SECURITY COMMUNITY & FAQ
Create a Post
Help
cancel
Turn on suggestions
Showing results for 
Search instead for 
Did you mean: 

Are you a member of CheckMates?

×
Sign in with your Check Point UserCenter/PartnerMap account to access more great content and get a chance to win some Apple AirPods! If you don't have an account, create one now for free!
MrSalazar
Participant
‎2020-02-28 02:28 AM
Jump to solution

Mobile Access Blade on a Centrally managed SMB 1490

Hi, 
Maybe somebody had already this issue, after the Upgrade from the Mgmt Server is not possible to enable the Mobile Access Blade on a SMB 1490.
Locally managed it is posible but the Idea of Central Managed is not. 
Any suggestion? maybe is a Bug or maybe the incorrect way how to activate it. 

0 Kudos
1 Solution

Accepted Solutions
G_W_Albrecht
Legend Legend
Legend
‎2020-02-28 02:59 AM
Jump to solution

You do not give details of what you try to do here - on SMB, no MAB Portal is available, so you only have SNX /SSL VPN RA clients and  SSL VPN Bookmarks (links or RDP). You are unable to activate MAB in Dashboard, all you can do is activate SNX RA VPN clients in VPN Clients > Other. This is also true  for R80.20.01 15x0 devices !

Check Point R77.20.xx for 600 / 700 / 1100 / 1200R / 1400 / 910 Appliance Features and Known Limitations &

Check Point R80.20 for 1500 Appliances Features and Known Limitations :

Mobile Access Blade Partial Partial All
  •   Remote access clients are supported (Endpoint, SNX). 
  • Mobile Access Web Portal is not supported.
CCSP - CCSE / CCTE / CTPS / CCME / CCSM Elite / SMB Specialist

View solution in original post

0 Kudos
20 Replies
G_W_Albrecht
Legend Legend
Legend
‎2020-02-28 02:59 AM
Jump to solution

You do not give details of what you try to do here - on SMB, no MAB Portal is available, so you only have SNX /SSL VPN RA clients and  SSL VPN Bookmarks (links or RDP). You are unable to activate MAB in Dashboard, all you can do is activate SNX RA VPN clients in VPN Clients > Other. This is also true  for R80.20.01 15x0 devices !

Check Point R77.20.xx for 600 / 700 / 1100 / 1200R / 1400 / 910 Appliance Features and Known Limitations &

Check Point R80.20 for 1500 Appliances Features and Known Limitations :

Mobile Access Blade Partial Partial All
  •   Remote access clients are supported (Endpoint, SNX). 
  • Mobile Access Web Portal is not supported.
CCSP - CCSE / CCTE / CTPS / CCME / CCSM Elite / SMB Specialist
0 Kudos
MrSalazar
Participant
‎2020-02-28 03:05 AM
In response to G_W_Albrecht
Jump to solution

Hi @G_W_Albrecht,
So that explains why this option on the Gateway Object in the SmatConsole is greyed out, so if we have license for MAB, that means SNX or Endpoint?
0 Kudos
G_W_Albrecht
Legend Legend
Legend
‎2020-02-28 03:48 AM
In response to MrSalazar
Jump to solution

A MAB license is a blade license bound to a GAiA gateway - and Embedded GAiA 1490 appliances do neither have the MAB blade nor any MAB license at all ! So that means SNX or Endpoint, yes...

CCSP - CCSE / CCTE / CTPS / CCME / CCSM Elite / SMB Specialist
0 Kudos
MrSalazar
Participant
‎2020-02-28 05:24 AM
In response to G_W_Albrecht
Jump to solution

Thank you ver much
0 Kudos
PointOfChecking
Collaborator
‎2023-04-18 08:30 AM
In response to G_W_Albrecht
Jump to solution

Hi,

I am trying to do the same on an 1800 quantum appliance. On the marketing material it says it has mobile access.

 

Capture18.PNG

also, in my GW object it shows as available.  however, I just can't click on it to enable as it's greyed out.

0 Kudos
Wolfgang
Authority
Authority
‎2023-04-18 11:49 AM
In response to PointOfChecking
Jump to solution

Same with 1800 and 1600 appliances as with 1490, all embedded GAiA appliances have no MOB blade. Only SNX and remote vpn capabilities available.

0 Kudos
PointOfChecking
Collaborator
‎2023-04-18 11:04 PM
In response to Wolfgang
Jump to solution

Thank you.

Can you point me in the direction of "remote vpn capabilities" please? 

 

Thank you.

0 Kudos
G_W_Albrecht
Legend Legend
Legend
‎2023-04-19 06:32 AM
In response to PointOfChecking
Jump to solution

RA.png

CCSP - CCSE / CCTE / CTPS / CCME / CCSM Elite / SMB Specialist
0 Kudos
PointOfChecking
Collaborator
‎2023-04-19 06:40 AM
In response to G_W_Albrecht
Jump to solution

Thanks, how do I enable that option?  I don't have it.

It's centrally managed (by Smart-1 R80.40) running R80.20

 

Capture.PNG

0 Kudos
G_W_Albrecht
Legend Legend
Legend
‎2023-04-19 06:45 AM
In response to PointOfChecking
Jump to solution

 

RA_CM.png

CCSP - CCSE / CCTE / CTPS / CCME / CCSM Elite / SMB Specialist
0 Kudos
PointOfChecking
Collaborator
‎2023-04-19 06:51 AM
In response to G_W_Albrecht
Jump to solution

EDIT*  I should enable IPSec VPN not Mobile Access.  Sorry, I have enabled and I can see the options now.  Thanks.

0 Kudos
PointOfChecking
Collaborator
‎2023-04-19 05:42 AM
In response to Wolfgang
Jump to solution

*edit* This was posted before the above posts in conversation.

 

I have realised I used the wrong terminology.  I am looking to enable Remote Access as below photo.  Where do I go to enable this?

Capture.PNG

0 Kudos
PhoneBoy
Admin
Admin
‎2023-04-20 05:17 PM
In response to PointOfChecking
Jump to solution

Since your SMB appliance is centrally managed, this is configured on your management.
If you've pushed a policy to your SMB gateway that includes Remote Access VPN configuration (for example a Remote Access Encryption Domain), I would expect that to be enabled.
If it's not, then it might just be a cosmetic bug and it should be taken with the TAC.

0 Kudos
PointOfChecking
Collaborator
‎2023-04-20 11:13 PM
In response to PhoneBoy
Jump to solution

Hi PhoneBoy,

 

Thanks, but I have it enabled now.

 

The "VPN OFF" post was posted before the other comment.

Thanks for the advice anyway 🙂 

0 Kudos
Exonix
Advisor
Wednesday
Jump to solution

hello all,

unfortunately, I did not follow the logic of the solution, can you tell me - what am I missing to centrally enable "Remote Access" and IPSec for S2S on Spark 1900?

mobile_access1.png

Tnank you!

 

0 Kudos
PhoneBoy
Admin
Admin
Wednesday
In response to Exonix
Jump to solution

If your 1900 is centrally managed, you've already done it.
IPsec VPN also enables Remote Access via IPsec and SNX.
Mobile Access Blade (only needed for the Web Portal) is not supported on SMB appliances, thus why it appears greyed out in SmartConsole.

Exonix
Advisor
Wednesday
In response to PhoneBoy
Jump to solution

I get it now. That's probably why TAC doesn't respond to me for a long time - apparently they haven't figured out why this is happening yet... But then why are my VPN Blades gray and not activated like the same FirewallI'll try to test RAS tomorrow, maybe it's a display bug...

0 Kudos
PhoneBoy
Admin
Admin
Wednesday
In response to Exonix
Jump to solution

Have you pushed a policy to the gateway that includes a VPN/Remote Access configuration?
By that I mean something outside of simply enabling IPsec VPN on the relevant gateway object.

0 Kudos
Exonix
Advisor
yesterday
In response to PhoneBoy
Jump to solution

yes, i did, but looks like I forgot to add Security Gateway into RemoteAccess community. How Remote Acces Blade is aktive, but Site to Site VPN is still inactive:

Site to Site VPN.png

 

0 Kudos
Exonix
Advisor
yesterday
In response to Exonix
Jump to solution

solution: the security gateway should be added to each Default VPN-Community:

vpn_1900.png

0 Kudos

Leaderboard

Epsum factorial non deposit quid pro quo hic escorol.

View All ≫
Upcoming Events

    Sort by:
    CheckMates Events
    Top