Solved: Re: Configure Client VPN on VSX

raquinog · ‎2020-08-19

I currently have a firewall with 8 virtual contexts (VSX).
On the VSX02 Firewall I have the Productive Client VPN service.
The Customer asks me to configure the other VPN Client service on other Firewall VSX07.

When I enter the Gateway VSX07, if I try to configure the Parameter of "VPN Clients >> Office Mode" in this point I can make modifications.

But when I click OK to save the changes, I get the following message "Define office mode pool network for all cluster members to match the cluster definition" and I can't move forward.

The configuration of the current pool of the VPN Client, is assigned in each member of the cluster.

Can I have the VPN Client service on the same firewall but different VSXs?

Can I use the same pool as the productive VPN Client, with the new service that I am trying to configure?

How can I fix the problem?

HeikoAnkenbrand · ‎2020-08-19

Hi @raquinog,

Follow these steps in SmartConsole:

- open Security Gateway Cluster Object
- go to Cluster Members pane - select cluster member and select Edit
- Cluster Member Properties window will open - Navigate to VPN tab
- under Office Mode for Remote Access - select or check the Box for Offer Manual Office Mode (using IP pool) option
- from the Drop down selection of Allocate IP Addresses from network select the relevant Network which is created for the purpose of Office Mode Pool
- close Cluster Member Properties window by hitting OK

>>> repeat Step for second cluster member <<<
>>> install the Security policy <<<

➜ CCSM Elite, CCME, CCTE ➜ www.checkpoint.tips

View solution in original post

raquinog · ‎2020-08-20

Hi Heiko:

Thanks for your advice, but I tried to do it, and is the same result. I get the following message "Define office mode pool network for all cluster members to match the cluster definition"

Any other suggestion?

Can I have the VPN Client service on the same firewall but different VSXs?

View solution in original post

HeikoAnkenbrand · ‎2020-08-19

Hi @raquinog,

Follow these steps in SmartConsole:

- open Security Gateway Cluster Object
- go to Cluster Members pane - select cluster member and select Edit
- Cluster Member Properties window will open - Navigate to VPN tab
- under Office Mode for Remote Access - select or check the Box for Offer Manual Office Mode (using IP pool) option
- from the Drop down selection of Allocate IP Addresses from network select the relevant Network which is created for the purpose of Office Mode Pool
- close Cluster Member Properties window by hitting OK

>>> repeat Step for second cluster member <<<
>>> install the Security policy <<<

➜ CCSM Elite, CCME, CCTE ➜ www.checkpoint.tips

raquinog · ‎2020-08-20

Hi Heiko:

Thanks for your advice, but I tried to do it, and is the same result. I get the following message "Define office mode pool network for all cluster members to match the cluster definition"

Any other suggestion?

Can I have the VPN Client service on the same firewall but different VSXs?

JanVC · ‎2020-08-22

Did you try configuring the office mode pool on the cluster and then pressing OK to push the vsx configuration and only after that re-open the VS and then configure the VPN settings?

Anibus0103 · ‎2025-04-07

Hello @raquinog. I also have the same error as you on FW VSX. Have you found a solution to configure VPN Client to site on 2 different VSX?

PhoneBoy · ‎2020-08-21

Don't think you can use the same Office Mode pool on different VSes on the same VSX cluster.
But you should be able to configure Remote Access on multiple VSes.

Anibus0103 · ‎2025-04-07

I also have the same error as you on FW VSX. Have you found a solution to configure VPN Client to site on 2 different VSX?

Are you a member of CheckMates?

Configure Client VPN on VSX