This website uses Cookies. Click Accept to agree to our website's cookie use as described in our Privacy Policy. Click Preferences to customize your cookie settings.
Accept
Reject
Preferences
ABOUT CHECKMATES CYBER SECURITY COMMUNITY & FAQ
Create a Post
Help
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

Are you a member of CheckMates?

×
Sign in with your Check Point UserCenter/PartnerMap account to access more great content and get a chance to win some Apple AirPods! If you don't have an account, create one now for free!
raquinog
Participant
‎2020-08-19 07:54 PM
Jump to solution

Configure Client VPN on VSX

I currently have a firewall with 8 virtual contexts (VSX).
On the VSX02 Firewall I have the Productive Client VPN service.
The Customer asks me to configure the other VPN Client service on other Firewall VSX07.

When I enter the Gateway VSX07, if I try to configure the Parameter of "VPN Clients >> Office Mode" in this point I can make modifications.

office_mode.png

But when I click OK to save the changes, I get the following message "Define office mode pool network for all cluster members to match the cluster definition" and I can't move forward.

office_mode_fail.png

The configuration of the current pool of the VPN Client, is assigned in each member of the cluster.

office_mode_pool.png

Can I have the VPN Client service on the same firewall but different VSXs?

Can I use the same pool as the productive VPN Client, with the new service that I am trying to configure?

How can I fix the problem?

 

0 Kudos
1 Solution

Accepted Solutions
HeikoAnkenbrand
Champion Champion
Champion
‎2020-08-19 11:21 PM
Jump to solution

Hi @raquinog,

Follow these steps in SmartConsole:

- open Security Gateway Cluster Object
- go to Cluster Members pane - select cluster member and select Edit
- Cluster Member Properties window will open - Navigate to VPN tab
- under Office Mode for Remote Access - select or check the Box for Offer Manual Office Mode (using IP pool) option
- from the Drop down selection of Allocate IP Addresses from network select the relevant Network which is created for the purpose of Office Mode Pool
- close Cluster Member Properties window by hitting OK

>>> repeat Step for second cluster member <<<
>>> install the Security policy <<<

➜ CCSM Elite, CCME, CCTE ➜ www.checkpoint.tips

View solution in original post

4 Replies
HeikoAnkenbrand
Champion Champion
Champion
‎2020-08-19 11:21 PM
Jump to solution

Hi @raquinog,

Follow these steps in SmartConsole:

- open Security Gateway Cluster Object
- go to Cluster Members pane - select cluster member and select Edit
- Cluster Member Properties window will open - Navigate to VPN tab
- under Office Mode for Remote Access - select or check the Box for Offer Manual Office Mode (using IP pool) option
- from the Drop down selection of Allocate IP Addresses from network select the relevant Network which is created for the purpose of Office Mode Pool
- close Cluster Member Properties window by hitting OK

>>> repeat Step for second cluster member <<<
>>> install the Security policy <<<

➜ CCSM Elite, CCME, CCTE ➜ www.checkpoint.tips
raquinog
Participant
‎2020-08-20 07:35 AM
In response to HeikoAnkenbrand
Jump to solution

Hi Heiko:

Thanks for your advice, but I tried to do it, and is the same result. I get the following message "Define office mode pool network for all cluster members to match the cluster definition"

Any other suggestion?

Can I have the VPN Client service on the same firewall but different VSXs?

JanVC
Collaborator
‎2020-08-22 01:12 AM
In response to raquinog
Jump to solution

Did you try configuring the office mode pool on the cluster and then pressing OK to push the vsx configuration and only after that re-open the VS and then configure the VPN settings?

PhoneBoy
Admin
Admin
‎2020-08-21 10:42 PM
Jump to solution

Don't think you can use the same Office Mode pool on different VSes on the same VSX cluster.
But you should be able to configure Remote Access on multiple VSes.

Leaderboard

Epsum factorial non deposit quid pro quo hic escorol.

View All ≫
Upcoming Events

    Sort by:
    CheckMates Events