Dear Mates
I have recently migrated our VPN solution to Check Point. However, I have been experiencing some issues when it comes to restricting access to specific machines.
For example, if I set the VPN domain on the Gateway to 10.10.0.0/24, which is a network behind the gateway, and then create a firewall policy for remote users to access only 10.10.0.20/32, the remote users are also able to access other hosts in the 10.10.0.0/24 network, like 10.10.0.22/32, even if I only use a single host as the destination.
In the figure above, the RemoteAccess users are also able to access other machines in the defined VPN domain apart from GUI-A.
Does this mean that remote users can access any machine in the VPN domain?
Any ideas on how this issue could be resolved, so that remote users can only access the machines defined in the Destination field of the firewall policy?
Site-to-Site VPN
The same behavior is happening in the site-to-site VPN: I only specified one host in the source, but other hosts can also access the remote machines even though they are not specified as the source.
Thanks in advance
1. Please check the logs and find out which firewall rule is allowing such traffic (if all rules have logging enabled).
2. Send us a screenshot of the "GUI-A" and "GUI-B" hosts.
3. Check the NAT rules, if there are any.
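Added example (not from the original thread and not Check Point's own code): a small Python model of top-down, first-match rulebase evaluation that walks every host in the VPN domain from the question and reports which rule admits it, which is the same question step 1 of the reply asks the logs to answer. The remote-access source 192.0.2.10, the rule names and the broad rule 2 are constructed assumptions; the point it shows is that the VPN domain only decides what is carried through the tunnel, while the rule that actually matches decides access.

```python
import ipaddress
from dataclasses import dataclass

# Constructed, simplified model of a firewall rulebase; not the vendor's API.
ANY = "Any"

@dataclass
class Rule:
    number: int
    name: str
    source: str        # ANY, a single host, or a CIDR network
    destination: str
    action: str        # "Accept" or "Drop"

def _matches(pattern: str, ip: str) -> bool:
    """True when ip falls inside pattern (ANY, single host, or CIDR)."""
    if pattern == ANY:
        return True
    return ipaddress.ip_address(ip) in ipaddress.ip_network(pattern, strict=False)

def first_match(rulebase, src: str, dst: str):
    """Top-down, first-match: return the first rule covering src->dst, else None."""
    for rule in rulebase:
        if _matches(rule.source, src) and _matches(rule.destination, dst):
            return rule
    return None

def reachable_in_vpn_domain(rulebase, vpn_domain: str, src: str):
    """Map each host of the VPN domain that src may reach to the admitting rule number."""
    admitted = {}
    for host in ipaddress.ip_network(vpn_domain).hosts():
        rule = first_match(rulebase, src, str(host))
        if rule is not None and rule.action == "Accept":
            admitted[str(host)] = rule.number
    return admitted

# Constructed rulebase mirroring the post: rule 1 is the intended host rule,
# rule 2 is a broad rule further down that quietly admits the rest of the domain.
RULEBASE = [
    Rule(1, "RemoteAccess to GUI-A", "192.0.2.0/24", "10.10.0.20/32", "Accept"),
    Rule(2, "Broad internal access", ANY, "10.10.0.0/24", "Accept"),
    Rule(3, "Cleanup", ANY, ANY, "Drop"),
]

if __name__ == "__main__":
    hits = reachable_in_vpn_domain(RULEBASE, "10.10.0.0/24", "192.0.2.10")
    # GUI-A is admitted by rule 1; 10.10.0.22 is admitted by rule 2, not by rule 1.
    print(hits["10.10.0.20"], hits.get("10.10.0.22"))  # 1 2
```

Removing rule 2 (or giving it a narrower destination) leaves only 10.10.0.20 reachable, which is the behaviour the question expects from the Destination field.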