Configuring the Remote Access Blade

In the VPN > Remote Access Blade Control page, you can establish secure encrypted connections through the Internet between the organization and devices such as mobile devices, home desktops, and laptops.

For remote access, you must define users in the system with credentials and set permissions for specified users. The appliance must be accessible from the Internet.

Note - Remote Access applies to traffic from IPv4 addresses only.

These are supported remote access connection methods:

  • Install a VPN client on the home desktops or laptops.

  • Browse from home devices (using secure HTTPS) to the appliance and download a thin client when necessary. This method is known as SSL Network Extender.

We highly recommend that you first configure DDNS or a static IP Internet connection on the appliance. If you do not use a static IP, your appliance's IP address can vary based on your Internet Service Provider. DDNS lets home users connect to the organization by name instead of by an IP address that can change. See Device > DDNS for more details.

To configure DDNS, click the DDNS link. For a static IP address, click the Internet link.

To enable or disable VPN Remote Access:

  1. Select On or Off.

  2. Click Apply.

Note - When the blade is managed by Cloud Services, a lock icon is shown. You cannot toggle between the on and off states. If you change other policy settings, the change is temporary. Any changes made locally will be overridden in the next synchronization between the gateway and Cloud Services.

To configure the default access policy through remote access:

  1. Select or clear the Allow traffic from Remote Access users (by default) checkbox. When cleared, access from Remote Access users to resources in the organization must be defined for each resource using the Access Policy > Servers page or by manually defining access rules in the Access Policy > Firewall Policy page.

  2. Select or clear the Log traffic from Remote Access users (by default) checkbox.

  3. Click Apply.

VPN Remote Access methods:

  • Check Point VPN clients - To connect laptops and desktops

  • Mobile client - To connect smartphones and tablets

  • SSLVPN - To connect through SSL VPN

  • Windows VPN Client - To connect through native VPN client (L2TP)

By default, the Check Point VPN clients method is enabled.

To configure VPN remote access methods:

  1. Select the checkbox next to the desired method and click How to connect...

    The Usage window opens.

  2. Follow the instructions. You can also receive these instructions by email.

  3. Close the window and click Apply.

To manage SSL VPN bookmarks:

  1. Select the SSL VPN checkbox.

  2. Click Apply.

  3. Click Manage SSL VPN bookmarks.

    The VPN > Advanced page opens.

  4. In SSL VPN bookmarks, click New to create new bookmarks.

    A new window opens.

  5. Enter these details:

    • URL

      Note - If you select Global bookmark, all users see this bookmark.

    • Type - Link or RDP (remote desktop protocol)

    • Label - The bookmark name

    • Tooltip - Description

  6. Click Apply.

If you select RDP as the bookmark type, you must enter the user name and password in the RDP Advanced Settings. These credentials are sent to the end user.

Note - If you select Show characters, the password characters are visible.

You can also specify the screen size of the remote desktop. The default mode is full screen.

To manage bookmarks:

  1. Click on a bookmark.

  2. Click Edit or Delete.

  3. Click Apply.

To assign a VPN certificate:

  1. Select the SSL VPN checkbox.

  2. Click Certificate authentication.

    The Certificate authentication window opens. The list of uploaded certificates is shown in the drop-down menu.

  3. Select the certificate name.

    Note - You cannot select the default Web portal certificate.

  4. Click Apply.

To send users remote access usage instructions:

  1. Click the How to connect link next to the relevant remote access method.

  2. Click E-mail these instructions to automatically open a pre-filled email that contains the instructions.

  3. Click Close.

To change the Remote Access port settings:

If the default remote access port (port 443) and a server use the same port, a conflict message is shown. You must change the default remote access port if the Check Point VPN client, Mobile client, or SSL VPN remote access methods are enabled, because they use port 443 by default.

  1. Click the Change port link.

    The Remote Access Port Settings window opens.

  2. In Remote Access port, enter a new port number.

  3. Make sure Reserve port 443 for port forwarding is selected.

  4. Click Apply.