No VPN Policy - big problem for MEPP

**Guard** · 2012-07-13

Hi all,
i'm stuck into big problem with new E80 client and server.
The problem is - there is no VPN Policy which can be attached to clients connecting through VPN to the company (there are only Connected, Disconnected and Restriced assignements to policies).
I'll describe what is the core problem of that:
1) we have Connected policy which denies users to use any kind of modems
2) when the client goes out of the office - the client is atached Disconnected policy - which allows use of modems (like USB GSM modems for example)
3) when the client then connects to the internal network through VPN using any kind of modem (in this example USB GSM) the connection is fine until ... the client gets Connected policy (about 30 sec.) and then the modem is turned off :( Connection with the site and internet are broken, client receives Disconnected policy once again and ... can use the modem till connected with VPN.

I have spoken with CheckPoint - through our resseler - and there is no resolution to this kind of problem till now (this was working fine with previous version R73, with VPN Policy in place, which i recommend to all of you till the problem is resolved).

**DemilicH** · 2012-07-13

Originally Posted by Guard

Hi all,
i'm stuck into big problem with new E80 client and server.
The problem is - there is no VPN Policy which can be attached to clients connecting through VPN to the company (there are only Connected, Disconnected and Restriced assignements to policies).
I'll describe what is the core problem of that:
1) we have Connected policy which denies users to use any kind of modems
2) when the client goes out of the office - the client is atached Disconnected policy - which allows use of modems (like USB GSM modems for example)
3) when the client then connects to the internal network through VPN using any kind of modem (in this example USB GSM) the connection is fine until ... the client gets Connected policy (about 30 sec.) and then the modem is turned off :( Connection with the site and internet are broken, client receives Disconnected policy once again and ... can use the modem till connected with VPN.

I have spoken with CheckPoint - through our resseler - and there is no resolution to this kind of problem till now (this was working fine with previous version R73, with VPN Policy in place, which i recommend to all of you till the problem is resolved).

Hi,

You can define network range that matching your office mode pool and assign VPN policy per newtork (OM pool).

/d

**Guard** · 2012-07-13

Originally Posted by DemilicH

Hi,

You can define network range that matching your office mode pool and assign VPN policy per newtork (OM pool).

/d

??

**DemilicH** · 2012-07-13

Originally Posted by Guard

??

You can use dedicated policy to the Office Mode IP according to sk61024:

"VPN gateway policies are available by configuring a dedicated policy to the Office Mode IP range. "

**Guard** · 2012-07-13

Originally Posted by DemilicH

You can use dedicated policy to the Office Mode IP according to sk61024:

"VPN gateway policies are available by configuring a dedicated policy to the Office Mode IP range. "

Ok - thx, why CHP Support didn't tell me about that possibility ?

Beside that, with this resolution i can see a problem when client home netowrk will interfere with defined Office Mode network. Am i right ?

I'll try this and let you now if it is working or not.
Thank you

**DemilicH** · 2012-07-14

Originally Posted by Guard

Ok - thx, why CHP Support didn't tell me about that possibility ?

Beside that, with this resolution i can see a problem when client home netowrk will interfere with defined Office Mode network. Am i right ?

I'll try this and let you now if it is working or not.
Thank you

If client home network conflicts with Office Mode network you will have routing / IP assignment issues on OS level. But this is different issue than the one we discussing here. You must use office mode with E80 VPN clients.

/d

**Guard** · 2012-07-14

Originally Posted by DemilicH

If client home network conflicts with Office Mode network you will have routing / IP assignment issues on OS level. But this is different issue than the one we discussing here. You must use office mode with E80 VPN clients.

/d

Hi, thanks for pointing me to this solution - i don't know why supporters from CHP didn't point me to it. If it was i won't be so angry and don't frustrate to the product as in my first post here :(
It is wokring fine with Network range - "VPN" policy is attached to the client.
Once again many thanks :)