I have recently migrated our VPN solution to Check Point. However, I have been experiencing some issues when it comes to restricting access to specific machines.
For example, if I set the VPN domain on the Gateway to 10.10.0.0/24, which is a network behind the gateway, and then create a firewall policy for remote users to access only 10.10.0.20/32, the remote users are also able to access other hosts in the 10.10.0.0/24 network, like 10.10.0.22/32, even if I only use a single host as the destination.
In the figure above, the RemoteAcess-users are also able to access other machines in the defined VPN domain apart from GUI-A.
Does this mean that remote users can access any machine in the VPN domain?
Any ideas on how this issue could be resolved, in such a way that remote users can only access the machines defined in the Destination field of the Firewall Policy?
The same behavior is happening with site-to-site VPN: I only specified one host in the source, but other hosts can also access the remote machines even if they are not specified as a source.
Thanks in advance