Office Mode

In This Section:

IP Pool Configuration

Make sure that all the internal routers are configured to route all the traffic destined to the internal address space you had reserved to Office Mode users through the Security Gateway.

To deploy the basic Office Mode using IP pools:

From the Objects Bar click New > Network.
The New Network window opens.
In the General tab, set the IP address pool range:
1. Enter a Name for the network.
2. In Network Address enter the first IP address.
3. In Net Mask enter the subnet mask according to the required amount of IP addresses (entering 255.255.255.0, for example, will designate all 254 IP addresses from 10.130.56.1 to 10.130.56.254 for Office Mode addresses.)
4. Click OK and publish the changes.
Click Gateways & Servers and double-click the Security Gateway.
The gateway window opens and shows the General Properties page.
From the navigation tree, click VPN Clients > Office Mode.
Configure these settings:
- In the Office Mode Method section, from Allocate IP from network select the IP Pool network object
- Optional Parameters > IP lease duration - Enter the number of minutes that the IP address is used by the remote host
- To allow routing to be done after the encapsulation of Office Mode packets, click Support connectivity enhancement for gateways with multiple external interfaces
- To check that Office Mode packets are not spoofed, click Perform Anti-Spoofing on Office Mode addresses
Click OK and publish the changes.
If you completed configuring the settings for Office Mode, install the policy.

To specify which WINS and DNS servers Office Mode users can use:

Note - WINS and DNS servers should be set on the Security Management Server only when IP pool is the selected method.

Create a DNS server object.
1. From the Objects Bar click New > Host.
2. In the General page, enter the Object Name and IP address settings.
3. In the Servers page, click DNS Server.
4. Click OK.
Create a WINS server object.
1. From the Objects Bar click New > Host.
2. In the General page, enter the Object Name and IP address settings.
3. Click OK.
Publish the changes.
Click Gateways & Servers and double-click the Security Gateway.
The gateway window opens and shows the General Properties page.
From the navigation tree, click VPN Clients > Office Mode.
Click Optional Parameters.
For the DNS and WINS Servers, click Primary and select the server.
Click OK and publish the changes.
Install the Policy.

DHCP Configuration

To configure Office Mode with a DHCP server:

On your DHCP server's configuration, make sure that you have designated an IP address space for Office Mode users (e.g., 10.130.56.0).
From the Objects Bar click New > Host.
Configure the settings for the name, IP address, and subnet mask.
Click OK and publish the changes.
Double-click the Remote Access gateway.
The gateway window opens and shows the General Properties page.
From the navigation tree, click VPN Clients > Office Mode.
Configure these settings:
- Click Automatic (use DHCP)
- From Use specific DHCP server, select the DHCP server
- In Virtual IP address for DHCP server replies, enter an IP address from the sub network of the IP addresses which are designated for Office Mode usage.
  Office Mode supports DHCP Relay method for IP assignment, so you can direct the DHCP server as to where to send its replies. The routing on the DHCP server and that of internal routers must be adjusted so that packets from the DHCP server to this address are routed through the Security Gateway.
- Optional: In the Additional IP addresses for Anti-Spoofing, select the network object you have created with the IP address range you have set aside for Office Mode on the DHCP server.
Click OK and publish the changes.

To create a new network object for Office Mode on the DHCP server:

From the Objects Bar click New > Network.
The New Network window opens.
In Network Address enter the first address that is used (e.g. 10.130.56.0).
In Net Mask enter the subnet mask according to the amount of addresses that is used.
For example, the IP address 255.255.255.0 designates that all 254 IP addresses from 10.130.56.1 until 10.130.56.254 are set aside for remote host Office Mode addresses on the DHCP server.
Click OK and publish the changes.
Install the Access Control policy.
Make sure that all the internal routers are configured to route all the traffic destined to the internal address space you had reserved to Office Mode users through the Security Gateway.
For example, in the example above it is required to add routes to the class C sub network of 10.130.56.0 through the Security Gateway's IP address.
Make sure that the remote access clients are also configured to use Office Mode.

Use First Office Mode IP

To configure all gateways to work in Office Mode:

From Menu, click Global Properties.
From the navigation tree, click Remote Access > VPN - Advanced.
In the Office Mode section, click Use first allocated Office Mode IP address for all connections to the Security Gateways of the site.
Click OK and publish the changes.

Office Mode - Using a RADIUS Server

To configure the RADIUS server to allocate IP addresses:

From the Objects Bar, click Servers > RADIUS.
Right-click the RADIUS server and select Edit.
The RADIUS Server Properties window opens.
Click the Accounting tab.
Select Enable IP Pool Management.
Select the service the RADIUS server uses to communicate with remote users.
Click OK and publish the changes.

To configure the RADIUS server to perform authentication for remote users:

In R80 SmartConsole, click Gateways & Servers and double-click the Security Gateway.
The gateway window opens and shows the General Properties page.
From the navigation tree, click VPN Clients > Office Mode.
In the Office Mode Method section, click From the RADIUS server used to authenticate the user.
Click OK and publish the changes.