CPUG: The Check Point User Group

Resources for the Check Point Community, by the Check Point Community.


First, I hope you're all well and staying safe.
Second, I want to give a "heads up" that you should see more activity here shortly, and maybe a few cosmetic changes.
I'll post more details to the "Announcements" forum soon, so be on the lookout. -E

 

Results 1 to 7 of 7

Thread: No VPN Policy - big problem for MEPP

  1. #1
    Join Date
    2009-09-01
    Posts
    15
    Rep Power
    0

    Default No VPN Policy - big problem for MEPP

    Hi all,
    i'm stuck into big problem with new E80 client and server.
    The problem is - there is no VPN Policy which can be attached to clients connecting through VPN to the company (there are only Connected, Disconnected and Restriced assignements to policies).
    I'll describe what is the core problem of that:
    1) we have Connected policy which denies users to use any kind of modems
    2) when the client goes out of the office - the client is atached Disconnected policy - which allows use of modems (like USB GSM modems for example)
    3) when the client then connects to the internal network through VPN using any kind of modem (in this example USB GSM) the connection is fine until ... the client gets Connected policy (about 30 sec.) and then the modem is turned off :( Connection with the site and internet are broken, client receives Disconnected policy once again and ... can use the modem till connected with VPN.

    I have spoken with CheckPoint - through our resseler - and there is no resolution to this kind of problem till now (this was working fine with previous version R73, with VPN Policy in place, which i recommend to all of you till the problem is resolved).

  2. #2
    Join Date
    2009-02-13
    Posts
    87
    Rep Power
    14

    Default Re: No VPN Policy - big problem for MEPP

    Quote Originally Posted by Guard View Post
    Hi all,
    i'm stuck into big problem with new E80 client and server.
    The problem is - there is no VPN Policy which can be attached to clients connecting through VPN to the company (there are only Connected, Disconnected and Restriced assignements to policies).
    I'll describe what is the core problem of that:
    1) we have Connected policy which denies users to use any kind of modems
    2) when the client goes out of the office - the client is atached Disconnected policy - which allows use of modems (like USB GSM modems for example)
    3) when the client then connects to the internal network through VPN using any kind of modem (in this example USB GSM) the connection is fine until ... the client gets Connected policy (about 30 sec.) and then the modem is turned off :( Connection with the site and internet are broken, client receives Disconnected policy once again and ... can use the modem till connected with VPN.

    I have spoken with CheckPoint - through our resseler - and there is no resolution to this kind of problem till now (this was working fine with previous version R73, with VPN Policy in place, which i recommend to all of you till the problem is resolved).
    Hi,

    You can define network range that matching your office mode pool and assign VPN policy per newtork (OM pool).

    /d

  3. #3
    Join Date
    2009-09-01
    Posts
    15
    Rep Power
    0

    Default Re: No VPN Policy - big problem for MEPP

    Quote Originally Posted by DemilicH View Post
    Hi,

    You can define network range that matching your office mode pool and assign VPN policy per newtork (OM pool).

    /d
    ??

  4. #4
    Join Date
    2009-02-13
    Posts
    87
    Rep Power
    14

    Default Re: No VPN Policy - big problem for MEPP

    Quote Originally Posted by Guard View Post
    ??
    You can use dedicated policy to the Office Mode IP according to sk61024:

    "VPN gateway policies are available by configuring a dedicated policy to the Office Mode IP range. "

  5. #5
    Join Date
    2009-09-01
    Posts
    15
    Rep Power
    0

    Default Re: No VPN Policy - big problem for MEPP

    Quote Originally Posted by DemilicH View Post
    You can use dedicated policy to the Office Mode IP according to sk61024:

    "VPN gateway policies are available by configuring a dedicated policy to the Office Mode IP range. "
    Ok - thx, why CHP Support didn't tell me about that possibility ?

    Beside that, with this resolution i can see a problem when client home netowrk will interfere with defined Office Mode network. Am i right ?

    I'll try this and let you now if it is working or not.
    Thank you

  6. #6
    Join Date
    2009-02-13
    Posts
    87
    Rep Power
    14

    Default Re: No VPN Policy - big problem for MEPP

    Quote Originally Posted by Guard View Post
    Ok - thx, why CHP Support didn't tell me about that possibility ?

    Beside that, with this resolution i can see a problem when client home netowrk will interfere with defined Office Mode network. Am i right ?

    I'll try this and let you now if it is working or not.
    Thank you
    If client home network conflicts with Office Mode network you will have routing / IP assignment issues on OS level. But this is different issue than the one we discussing here. You must use office mode with E80 VPN clients.

    /d

  7. #7
    Join Date
    2009-09-01
    Posts
    15
    Rep Power
    0

    Default Re: No VPN Policy - big problem for MEPP

    Quote Originally Posted by DemilicH View Post
    If client home network conflicts with Office Mode network you will have routing / IP assignment issues on OS level. But this is different issue than the one we discussing here. You must use office mode with E80 VPN clients.

    /d
    Hi, thanks for pointing me to this solution - i don't know why supporters from CHP didn't point me to it. If it was i won't be so angry and don't frustrate to the product as in my first post here :(
    It is wokring fine with Network range - "VPN" policy is attached to the client.
    Once again many thanks :)

Similar Threads

  1. Big Problem with my Interspect i've buy !!
    By komatek in forum InterSpect
    Replies: 1
    Last Post: 2009-06-11, 19:38
  2. Big problem with Clustering!!!
    By doccocaubai in forum Clustering (Security Gateway HA and ClusterXL)
    Replies: 8
    Last Post: 2008-04-29, 12:12
  3. Policy too big
    By jimbul in forum Check Point UTM-1 Edge Appliances
    Replies: 1
    Last Post: 2007-11-14, 05:02
  4. 2 Different VPN communities and 1 BIG problem
    By Ckiller in forum IPsec VPN Blade (Virtual Private Networks)
    Replies: 3
    Last Post: 2007-01-18, 20:39
  5. Big dog 560ís with QoS/VPN Concerns
    By thompson in forum Installing And Upgrading
    Replies: 1
    Last Post: 2006-09-06, 06:36

Bookmarks

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •