Create a Post
cancel
Showing results for 
Search instead for 
Did you mean: 
sercang
Explorer
Jump to solution

Multiple Remote Access Configuration

Hello

I need to two different type of VPN connection profiles for two different groups of users. Users in group1 must be enforced to use corporate VPN (and the all traffic must be routed via corporate GW) when they use their computers outside the internal network. Users in group2 should be able to connect internet directly and they should be able to connect corporate resources via VPN.

I searched for multiple Remote Access profile configuration but the only thing I found is that once it was available R80.10 and it was considered as bug.

--> https://community.checkpoint.com/t5/Remote-Access-VPN/Multiple-Remote-Access-Communities-GW-Version/...

Is there anyway to fulfill this requirement?

Thanks in advance

0 Kudos
2 Solutions

Accepted Solutions
_Val_
Admin
Admin

You can only have a single Remote Access VPN community in the same management domain.

View solution in original post

PhoneBoy
Admin
Admin

For this particular use case, it’s not the inability to specify multiple remote access communities that will cause an issue, it’s the fact that Route All Traffic or Hub Mode is a global setting with effectively three possible options:

  • Hub Mode not allowed
  • Hub Mode allowed, but the end user can choose
  • Hub Mode forced

Forcing Hub Mode only for specific groups of users is not currently possible.

View solution in original post

4 Replies
_Val_
Admin
Admin

You can only have a single Remote Access VPN community in the same management domain.

the_rock
Legend
Legend

Thats correct, @_Val_ is accurate in saying that ONLY one RA community is supported. 

PhoneBoy
Admin
Admin

For this particular use case, it’s not the inability to specify multiple remote access communities that will cause an issue, it’s the fact that Route All Traffic or Hub Mode is a global setting with effectively three possible options:

  • Hub Mode not allowed
  • Hub Mode allowed, but the end user can choose
  • Hub Mode forced

Forcing Hub Mode only for specific groups of users is not currently possible.

sercang
Explorer

Many thanks @_Val_@the_rock and @PhoneBoy.

 

For my case, the information below (by @PhoneBoy) is more applicable and explanatory:

"it’s the fact that Route All Traffic or Hub Mode is a global setting with effectively three possible options:

  • Hub Mode not allowed
  • Hub Mode allowed, but the end user can choose
  • Hub Mode forced"
0 Kudos

Leaderboard

Epsum factorial non deposit quid pro quo hic escorol.

Upcoming Events

    CheckMates Events