Remote Access and Site-to-Site VPN access restriction

Question asked by Di Junior on Nov 17, 2018
Latest reply on Nov 18, 2018 by Aleksei Shelepov

Dear Mates

I have recently migrated our VPN solution to Check Point. However, I have been experiencing some issues when it comes to restricting access to specific machines.

For example, if I set the VPN domain on the Gateway to 10.10.0.0/24, which is a network behind the gateway, and then create a firewall policy for remote users to access only 10.10.0.20/32, the remote users are also able to access other hosts in the 10.10.0.0/24 network, like 10.10.0.22/32, even if I only use a single host as the destination.

In the figure above, the RemoteAcess-users are also able to access other machines in the defined VPN domain apart from GUI-A.

Does this mean that remote users can access any machine in the VPN domain?

Any ideas on how this issue could be resolved, in such a way that remote users only access the machines defined in the Destination field of the Firewall Policy?

Site-to-Site VPN

The same behavior is happening in the site-to-site VPN: I only specified one host in the source, but other hosts can also access the remote machines even if they are not specified as the source.

Thanks in advance