Create a Post
cancel
Showing results for 
Search instead for 
Did you mean: 
Christoph
Collaborator
Jump to solution

Restrict IPv4 Remote Access VPN

Hello,

I need to restrict the list of users able to connect via Remote Access VPN to a list of fixed IP addresses.

There are posts, with identical requirements dating back to 2018 with no solution.

The more popular request for geolocation blocking has no solution either, but is also a few years old.

Has anyone successfully implemented such a solution, with a Check Point Firewall?

Cheers

Christoph

0 Kudos
1 Solution

Accepted Solutions
Chris_Atkinson
Employee Employee
Employee
0 Kudos
3 Replies
Chris_Atkinson
Employee Employee
Employee

 

The Geo restrict option is possible using this solution:

https://community.checkpoint.com/t5/Security-Gateways/Block-VPN-Traffic-by-Country/td-p/172695

CCSM R77/R80/ELITE
0 Kudos
Christoph
Collaborator

Hello Chris,

thank you very much. Didn't found this while looking for a solution. I will check if I can break this down to a single IP or group of IPs.

Cheers

Christoph

 

0 Kudos
G_W_Albrecht
Legend Legend
Legend

This is not relevant on the CP RA VPN but on your clients - these each need a fixed routable IP and a corresponding entry in the GW rule base. As this is not the cheapest solution it is not used so much 😉. Most customers restrict the list of users able to connect via Remote Access VPN by defining groups of users that should be able to connect 😎 and do not allow others...

Geoblocking is dangerous - a customer was only allowing RA VPN clients from his home country and had to fight the "wrong county for IP" issue a couple of times. Would be nice if it worked 100% but can be deemed not usable if a client can be restricted from access for 1-2 weeks until it is corrected.

CCSP - CCSE / CCTE / CTPS / CCME / CCSM Elite / SMB Specialist
0 Kudos

Leaderboard

Epsum factorial non deposit quid pro quo hic escorol.

Upcoming Events

    CheckMates Events