This website uses cookies. By clicking OK, you consent to the use of cookies. Click Here to learn more about how we use cookies.
OK
ABOUT CHECKMATES & FAQ
Create a Post
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Help
fatalXerror
Contributor
‎2019-01-23 04:15 AM

IPSec RAVPN: Restrict a Subnet from Connecting to the VPN

Hi Guys,

I am gathering some helpful information for a while now to suffice my concern.

I found this thread and followed it but it does shows what I wanted. 

https://community.checkpoint.com/thread/7204-restricting-remote-access-by-ipv4-address 

My concern is, I want to restrict a subnet from connecting to the VPN. For example, SUBNET-A should be the only subnet that can connect to my VPN using Endpoint VPN client. I tried in my lab what is in the link but I still can connect to VPN even though my endpoint does not belong to that subnet.

Is this really possible?

Thanks for the help.

Reply
3 Replies
G_W_Albrecht
Champion
Champion
‎2019-01-23 05:10 AM

It is possible - but what is shown in logs for you ?

0 Kudos
Reply
fatalXerror
Contributor
‎2019-01-23 05:23 AM
In response to G_W_Albrecht

Hi @Günther W. Albrecht, 

In my logs, i can only see "Key Install" and "Login" logs but these logs upon analyzing, it is pertaining to the VPN IP so the security rules will not to take effect. Is my understanding correct?

Above image is a sample, I am connecting to my external zone (sorry the object naming is incorrect).

How I can restrict a group of user like only the group of 10.10.10.0/24 can connect to the VPN?

Thanks in advance.

Reply
PhoneBoy
Admin
Admin
‎2019-01-25 08:42 PM

What, if anything, did you try from that the thread you mentioned?

0 Kudos
Reply