
Remote Access Configuration and Compliance Help.

Question asked by Jack Prendergast on Apr 10, 2018
Latest reply on Nov 6, 2018 by Mark Colatosti

Hi,

I need some help with the Check Point Remote Access solution.

Safe to say, the mobile access blade is clunky and terrible – however, we purchased it and I need a hand configuring some parts.

We will be using the SSL extender (SSL VPN) for certain users that need access to the Secure Workspace.

Then, for all corporate laptop users, they will be using the EndPoint Security VPN client to connect (IPSEC).

Okay – so, SSL extender is fine. No problem, basic browse to a site, log in. All cool.

It’s the IPSEC side that’s causing issues.

If I download the Endpoint Security client to my own personal PC, I can connect to our gateway, and my machine is then effectively on the corporate LAN. This obviously needs to be prevented.

How do I restrict that only corporate laptops can connect to this? I have looked at SVC – which is a headache, painfully complicated, and also doesn’t seem relevant to this? Is it something in Compliance? Please can someone help with how to restrict this?

Secondly, I can't manage to disable split tunnelling. There are some sites, i.e. ServiceNow, that only allow access via our corporate public IP. I need all traffic to route via the gateway and out. I have enabled Hub mode, and also ticked the security option to route all traffic via this gateway. No luck.

Any suggestions to both queries please?

Thanks all.
