
Remote Access and Site-to-Site VPN access restriction

Question asked by Dialungana Malungo on Nov 17, 2018
Latest reply on Nov 18, 2018 by Aleksei Shelepov

Dear Mates


I have currently migrated our VPN solution to Check Point. However, I have been experiencing some issues when it comes to restricting access to specific machines.

For example, if I set the VPN domain on the Gateway to which is a network behind the gateway. And then create a firewall policy for remote users to access only, the remote users are also able to access other hosts in network  like , even if I only use a single host as a destination.



In the figure above, the RemoteAcess-users are also able to access other machines on the defined VPN domain apart from GUI-A.


Does this mean that remote users can access any machine in the VPN domain?

Any ideas on how this issue could be resolved, in such a way that remote users only access the machines defined in the Destination field of the Firewall Policy?


Site-to-Site VPN


The same behavior is happening in site-to-site VPN: I only specified one host in the source, but other hosts can also access the remote machines even if they are not specified as source.


Thanks in advance