- Products
- Learn
- Local User Groups
- Partners
- More
Access Control and Threat Prevention Best Practices
5 November @ 5pm CET / 11am ET
Ask Check Point Threat Intelligence Anything!
October 28th, 9am ET / 3pm CET
Check Point Named Leader
2025 Gartner® Magic Quadrant™ for Hybrid Mesh Firewall
HTTPS Inspection
Help us to understand your needs better
CheckMates Go:
Spark Management Portal and More!
The others are correct. If you're looking to differentiate traffic by client type, then Access Roles are your answer here. You can define an Access Role object by client type, and use those in your policy.
For best results, you can also define an access role for your regular users and again use that in your policy. With this, you can remove the "legacy user access" rule for "Vpn_users@any" in the source column AND you can remove the RemoteAccess community from the VPN column. You will use the access roles to control VPN user traffic; either by your client type roles, or your user-identity roles, or both. Your user identity roles can refer to internal/local user, AD/LDAP users, LDAP OUs, AD security groups.... whatever you need.
About CheckMates
Learn Check Point
Advanced Learning
YOU DESERVE THE BEST SECURITY