Thursday, May 26, 2011

SSL VPN on a Check Point Gateway

Create a new network object. This will be used for the remote users' IP addresses. Name it "net_office-mode-IPs".

Within the Check Point object, under Topology > VPN Domain, add your local domain.
Within the Check Point object, under Remote Access, make the following change: enable Support Visitor Mode.

Within the Check Point object, under Office Mode, select "Allow Office Mode to all users". Add the new network object under Manual (Allocate IP address from Network).
Within the Check Point object, under Client VPN, tick Support Clientless VPN. Under Certificate for gateway authentication, select ICA_CERT.

Within the Check Point object, under SSL Clients, tick SSL Network Extender and select ICA_CERT under "The gateway authenticates with this certificate".

Within the VPN community tab, under your Remote Access community, add your gateway as a participating gateway.

Within the Users tab, create your users and add them to a new user group.
Create a rule to allow access from your user groups to your internal hosts (local encryption domain) and select your Remote Access community.
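Before entering the objects above, the address plan can be sanity-checked offline. The following is an added example, not part of the original post and not a Check Point tool: it assumes the Office Mode pool should not overlap the VPN domain, should hold one address per user, and that rule destinations should sit inside the VPN domain. All networks, hosts and user counts are constructed sample values.

```python
import ipaddress

def check_remote_access_plan(office_mode_pool, vpn_domain, rule_destinations, user_count):
    """Return a list of problems found in a planned remote-access address scheme."""
    problems = []
    pool = ipaddress.ip_network(office_mode_pool)           # net_office-mode-IPs
    domain = [ipaddress.ip_network(n) for n in vpn_domain]  # local encryption domain

    # Assumption: an Office Mode address must never collide with an internal
    # network, otherwise replies to remote clients are routed locally.
    for net in domain:
        if pool.overlaps(net):
            problems.append(f"office mode pool {pool} overlaps VPN domain network {net}")

    # Assumption: one address per concurrent user; network and broadcast
    # addresses are not handed out.
    usable = max(pool.num_addresses - 2, 0)
    if usable < user_count:
        problems.append(f"office mode pool {pool} has {usable} usable addresses for {user_count} users")

    # The access rule targets internal hosts; each should be inside the domain.
    for dest in rule_destinations:
        target = ipaddress.ip_network(dest)  # a bare host address becomes a /32
        if not any(target.subnet_of(net) for net in domain):
            problems.append(f"rule destination {dest} is outside the VPN domain")
    return problems

# Constructed sample plans (not taken from the post).
GOOD_PLAN = dict(office_mode_pool="172.16.10.0/24",
                 vpn_domain=["10.1.0.0/16", "192.168.50.0/24"],
                 rule_destinations=["10.1.20.15", "192.168.50.0/24"],
                 user_count=40)
BAD_PLAN = dict(office_mode_pool="10.1.200.0/28",
                vpn_domain=["10.1.0.0/16", "192.168.50.0/24"],
                rule_destinations=["10.1.20.15", "10.9.0.5"],
                user_count=40)

if __name__ == "__main__":
    for name, plan in (("good", GOOD_PLAN), ("bad", BAD_PLAN)):
        issues = check_remote_access_plan(**plan)
        print(name, "plan:", "ok" if not issues else "")
        for issue in issues:
            print("  -", issue)
```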