This website uses Cookies. Click Accept to agree to our website's cookie use as described in our Privacy Policy. Click Preferences to customize your cookie settings.
Accept
Reject
Preferences
ABOUT CHECKMATES CYBER SECURITY COMMUNITY & FAQ
Create a Post
Help
cancel
Turn on suggestions
Showing results for 
Search instead for 
Did you mean: 

Are you a member of CheckMates?

×
Sign in with your Check Point UserCenter/PartnerMap account to access more great content and get a chance to win some Apple AirPods! If you don't have an account, create one now for free!
Christoph
Collaborator
‎2023-10-17 01:34 AM
Jump to solution

Restrict IPv4 Remote Access VPN

Hello,

I need to restrict the list of users able to connect via Remote Access VPN to a list of fixed IP addresses.

There are posts, with identical requirements dating back to 2018 with no solution.

The more popular request for geolocation blocking has no solution either, but is also a few years old.

Has anyone successfully implemented such a solution, with a Check Point Firewall?

Cheers

Christoph

0 Kudos
1 Solution

Accepted Solutions
3 Replies
Chris_Atkinson
Employee Employee
Employee
‎2023-10-17 01:40 AM
Jump to solution

 

The Geo restrict option is possible using this solution:

https://community.checkpoint.com/t5/Security-Gateways/Block-VPN-Traffic-by-Country/td-p/172695

CCSM R77/R80/ELITE
0 Kudos
Christoph
Collaborator
‎2023-10-17 01:47 AM
In response to Chris_Atkinson
Jump to solution

Hello Chris,

thank you very much. Didn't found this while looking for a solution. I will check if I can break this down to a single IP or group of IPs.

Cheers

Christoph

 

0 Kudos
G_W_Albrecht
Legend Legend
Legend
‎2023-10-17 01:47 AM
Jump to solution

This is not relevant on the CP RA VPN but on your clients - these each need a fixed routable IP and a corresponding entry in the GW rule base. As this is not the cheapest solution it is not used so much 😉. Most customers restrict the list of users able to connect via Remote Access VPN by defining groups of users that should be able to connect 8) and do not allow others...

Geoblocking is dangerous - a customer was only allowing RA VPN clients from his home country and had to fight the "wrong county for IP" issue a couple of times. Would be nice if it worked 100% but can be deemed not usable if a client can be restricted from access for 1-2 weeks until it is corrected.

CCSP - CCSE / CCTE / CTPS / CCME / CCSM Elite / SMB Specialist
0 Kudos

Leaderboard

Epsum factorial non deposit quid pro quo hic escorol.

View All ≫
Upcoming Events

    CheckMates Events
    Top