This website uses Cookies. Click Accept to agree to our website's cookie use as described in our Privacy Policy. Click Preferences to customize your cookie settings.
Accept
Reject
Preferences
ABOUT CHECKMATES CYBER SECURITY COMMUNITY & FAQ
Create a Post
Help
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

Are you a member of CheckMates?

×
Sign in with your Check Point UserCenter/PartnerMap account to access more great content and get a chance to win some Apple AirPods! If you don't have an account, create one now for free!
Blason_R
Leader
Leader
‎2021-12-15 07:41 PM

Remote Access Endpoint VPN policy is not matching the rule

Hi Team,

 

I have R80.30 firewalls and R80.40 mgmt server. It has been upgraded from R77.30 almost a year back and now I would like to enable Application and URL filtering blade on policy hence activated the same from Manage policy and layers.

However since I have Remote access Endpoint client based VPN rules setup in legacy mode like this

 

I am unable to do so and while installing policy it throws error. Then I tried converting legacy user access to access role however users are successfully getting authenticated but they are unable to connect as per policy and traffic is getting dropped on clean up rule. So I disabled Rule#9 and enabled Rule #8; however traffic is getting dropped any reason why?

HelpDeskAccessRole.JPG

AccessRole.JPG

 

Am I missing anything here?

 

Thanks and Regards,
Blason R
CCSA,CCSE,CCCS
0 Kudos
5 Replies
Blason_R
Leader
Leader
‎2021-12-15 07:49 PM

Oh! By the way these are local users configured on firewall.

Thanks and Regards,
Blason R
CCSA,CCSE,CCCS
0 Kudos
PhoneBoy
Admin
Admin
‎2021-12-16 10:01 PM

Have you enabled Remote Access as an Identity Source in the gateway?
It’s not enabled by default.

0 Kudos
Blason_R
Leader
Leader
‎2021-12-20 09:34 AM
In response to PhoneBoy

Yes this is enabled and I confirmed that. What could be other reason?

Thanks and Regards,
Blason R
CCSA,CCSE,CCCS
0 Kudos
mcatanzaro
Employee
Employee
‎2021-12-20 07:45 PM
In response to Blason_R

Hi,

I would check that the pdp is associating the AR with the users by running:

# pdp monitor user <user>

1.png

I would imagine this would be the cause if the IA settings etc. are correct.

Here is my user matching a rule correctly based off the AR detected by the pdp:

2.png3.png

If the pdp isn't detecting the AR then you will want to recheck the configuration/debug pdpd to get more info.

0 Kudos
Blason_R
Leader
Leader
‎2021-12-20 07:49 PM
In response to mcatanzaro

Thanks I need to verify that. let me revert with my findings then.

Thanks and Regards,
Blason R
CCSA,CCSE,CCCS
0 Kudos

Leaderboard

Epsum factorial non deposit quid pro quo hic escorol.

View All ≫
Upcoming Events

    CheckMates Events