Configuring Policy for Remote Access VPN

Access control is a layer of security independent of VPN. When there is a Remote Access Community, the members of the community do not have free, automatic access to the network. You must create rules in the Access Control Policy Rule Base that block or allow specific services.

To allow members access, you have to create a rule in the Security Policy Rule Base that grants access to the LAN. Consider which services are allowed and restricted, and for services that are restricted, define a specific rule in the Security Policy Rule Base. Configure Remote Access VPN policy in the Unified Access Control Policy Rule Base.

Make sure that:

For R80.x gateways, you can include Remote Access and VPN clients in the Source column of the rule. To do this, create an Access Role for each client.

Workflow for Configuring a Remote Access Control Policy

Step 1: Create and configure the Security Gateway

Step 2: Configure Remote Access Roles for an individual client

Step 3: Configure Remote Access VPN Communities

Step 4: Define Access Control Rules

Step 1: Create and configure the Security Gateway.

  1. Go to Gateways & Servers and double-click the gateway.
  2. From the Check Point Gateway tree, check the box IPSec VPN.
  3. Initialize a secure communication channel between the VPN module and the Security Management Server. From Secure Internal Communication (SIC), click Communication.
  4. From Network Management > VPN Domain, define the interfaces and the VPN domain.

The ICA automatically creates a certificate for the Security Gateway.

Step 2: Configure Remote Access Roles.

  1. Open a New Access Role window in one of these ways:
    • From the Objects bar, click More object types > User > New Access Role.
    • From the Source column of the Access Control policy Rule Base: Click > click > select Access Role.
  2. Enter a Name for the access role.

    Optional: Enter a Comment or click the down arrow to select a Color for the object.

  3. From the left pane, select Remote Access Clients.
  4. Expand the Specific Client list and click New > Allowed client.
  5. Click to select a client and enter an object name. Click OK.

Optional: To make the Access Role include only specified users, select Users from the left pane and define the allowed users.

Step 3: Configure Remote Access VPN Communities.

  1. From the Objects Explorer, click VPN Communities.
  2. Double-click RemoteAccess and the RemoteAccess window opens.
  3. On the Participating Gateways page, click and select the Security Gateways that are in the Remote Access Community.
  4. On the Participating User Groups page, click and select the group that contains the Remote Access users.
  5. Click OK. Install policy.

Step 4: Define Access Control Rules.
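
A way to review Remote Access rules against the guidance on this page, as an added example (not Check Point code and not the product's policy export format): it evaluates a simplified, constructed rule list top-down and flags Accept rules for the RemoteAccess community whose Source is not an Access Role or whose service is not specific. The rule fields, the object names and the decide and review helpers are assumptions made for illustration.

```python
# Added example: simplified model of one ordered Access Control layer.
# Field names and objects are constructed; this is not Check Point's export format.
from dataclasses import dataclass

ANY = "Any"

@dataclass(frozen=True)
class Rule:
    name: str
    source: str        # Access Role name, or "Any"
    destination: str   # network object name, or "Any"
    vpn: str           # VPN community name, or "Any"
    services: tuple    # service names, or ("Any",)
    action: str        # "Accept" or "Drop"

# Constructed sample rule base, evaluated top-down (first match wins).
RULES = [
    Rule("RA to intranet web", "RA_Laptops", "LAN_Web", "RemoteAccess", ("https",), "Accept"),
    Rule("RA block file shares", "RA_Laptops", "LAN_Files", "RemoteAccess", ("smb",), "Drop"),
    Rule("RA legacy", ANY, "LAN", "RemoteAccess", (ANY,), "Accept"),
    Rule("Cleanup", ANY, ANY, ANY, (ANY,), "Drop"),
]

def _hit(field, value):
    return field == ANY or field == value

def decide(rules, role, destination, service, community="RemoteAccess"):
    """Return (rule name, action) of the first rule that matches the connection."""
    for r in rules:
        if (_hit(r.source, role) and _hit(r.destination, destination)
                and _hit(r.vpn, community)
                and (ANY in r.services or service in r.services)):
            return r.name, r.action
    return None, "Drop"  # assumption: no matching rule means no access

def review(rules):
    """Flag Accept rules for the RemoteAccess community that are too broad."""
    findings = []
    for r in rules:
        if r.vpn != "RemoteAccess" or r.action != "Accept":
            continue
        if r.source == ANY:
            findings.append((r.name, "source is Any, not an Access Role"))
        if ANY in r.services:
            findings.append((r.name, "service is Any, not a specific service"))
    return findings

if __name__ == "__main__":
    print(decide(RULES, "RA_Laptops", "LAN_Web", "https"), review(RULES))
```

In the constructed data, the "RA legacy" rule is the one flagged: it grants any Remote Access client any service to LAN, which is what the per-service rules and per-client Access Roles described above are meant to prevent.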