This website uses Cookies. Click Accept to agree to our website's cookie use as described in our Privacy Policy. Click Preferences to customize your cookie settings.
Accept
Reject
Preferences
ABOUT CHECKMATES CYBER SECURITY COMMUNITY & FAQ
Create a Post
Help
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

Are you a member of CheckMates?

×
Sign in with your Check Point UserCenter/PartnerMap account to access more great content and get a chance to win some Apple AirPods! If you don't have an account, create one now for free!
jyrbn
Contributor
‎2025-04-23 12:34 AM

Remote Access VPN Clients has no Internet Access when routing through the Gateway

Hi, 

We are trying to configure Remote Access VPN on a Centrally Managed (Smart-1 Cloud) Spark 1600, when routing all traffic through the security gateway, remote access clients can ping and access Internal Networks but has no Internet access which is need to access our cloud resources. 

We have followed this sk but are still not successful https://support.checkpoint.com/results/sk/sk101239.

Any ideas on what we could check?




0 Kudos
9 Replies
G_W_Albrecht
MVP Silver
MVP Silver
‎2025-04-23 01:35 AM

Did you configure this also in rule base ?

As written in https://sc1.checkpoint.com/documents/R80.10_andhigher/WebAdminGuides/EN/CP_RemoteAccessVPN_AdminGuid...

Create the access control rule in the Access Control Policy.

VPN routing traffic is handled in the Security Policy Rule Base as a single connection, matched to one rule only.

CCSP - CCSE / CCTE / CTPS / CCME / CCSM Elite / SMB Specialist
0 Kudos
jyrbn
Contributor
‎2025-04-23 02:06 AM
In response to G_W_Albrecht

Which part of the documentation you sent are you referring to?

0 Kudos
G_W_Albrecht
MVP Silver
MVP Silver
‎2025-04-23 02:12 AM
In response to jyrbn

See the included link !

Hub Mode for Remote Access Clients

CCSP - CCSE / CCTE / CTPS / CCME / CCSM Elite / SMB Specialist
0 Kudos
jyrbn
Contributor
‎2025-04-24 12:08 AM
In response to G_W_Albrecht

Yup, we've already enabled hub mode for the clients. 
image (1).jpg
Whenever I enable VPN tunneling (Routing traffic through the gateway) on the client even my own internet connection becomes "No Internet Access". 

image (2).jpg

0 Kudos
G_W_Albrecht
MVP Silver
MVP Silver
‎2025-04-24 12:13 AM
In response to jyrbn

No, i am talking about the rule base - RA clients are restricted by the rule base that tells which networks they can access.

CCSP - CCSE / CCTE / CTPS / CCME / CCSM Elite / SMB Specialist
0 Kudos
jyrbn
Contributor
‎2025-04-24 01:44 AM
In response to G_W_Albrecht

Ah yes, we have also configured a rule for remote access clients. 

Screenshot 2025-04-24 164206.png
It's destination is currently set to ANY for testing purposes. 

0 Kudos
PhoneBoy
Admin
Admin
‎2025-04-25 06:06 AM
In response to jyrbn

Do you see anything in the logs when the Remote Access client connects and attempts to communicate?

0 Kudos
G_W_Albrecht
MVP Silver
MVP Silver
‎2025-04-24 12:15 AM
In response to jyrbn

Why would you use hub mode at all ? Seems you usually have your private internet connection, so using endpoint security would be safe in all situations; with hub mode, you have the TP GW only when connected thru RA VPN.

CCSP - CCSE / CCTE / CTPS / CCME / CCSM Elite / SMB Specialist
0 Kudos
jyrbn
Contributor
‎2025-04-24 02:14 AM
In response to G_W_Albrecht

Our remote access clients needs to access our cloud resources using the Public IP address of our GW because that IP address is the one authorized to access them. That's why we need to route all traffic of the remote clients thru our GW.

0 Kudos

Leaderboard

Epsum factorial non deposit quid pro quo hic escorol.

View All ≫
Upcoming Events

    CheckMates Events