Configuring DDNS and Access Service

In the Device > DDNS & Device Access page, you can:

  • Configure DDNS account details in one of the supported providers.

  • Configure a service that lets you remotely connect to the appliance in instances where it is behind NAT, a firewall, or has a dynamically assigned IP address.

DDNS

When you configure DDNS, the appliance updates the provider with its current IP address whenever that address changes. Users can then connect to the device by a host name registered with the provider instead of by IP address.

This is especially important for Remote Access users who connect through the device to the internal network over VPN: the VPN site must stay reachable under a stable name even when the appliance's public IP address changes.

Note - If you configured a SAML Identity Provider to use a DDNS address for the Quantum Spark appliance, changing this DDNS address breaks the SAML configuration. To continue using the SAML Identity Provider, add a new Unique identifier URL and Reply URL for the new address to the SAML application in the Identity Provider's portal. For more information, see Configuring Authentication Servers for Remote Access and Configuring SAML Authentication for Remote Access VPN.

To configure DDNS:

  1. Select Connect to the appliance by name from the Internet (DDNS).

  2. Enter the details of your account on the page:

    • Provider - Select the DDNS provider that you set up an account with.

    • User name - Enter the user name of the account.

    • Password - Enter the password of the account.

      Note - You cannot use these characters in a password or shared secret: { } [ ] ` ~ | ' " \ (maximum number of characters: 255)

    • Host name - Enter your routable host name as defined in your DDNS account.

    For more information about these details, refer to your provider's website.

  3. Make sure Reinitialize internal certificates is selected. When you enable DDNS or change these settings, the internal certificates must be reinitialized so that they are issued for the new DNS name; certificates issued for the old name are not valid for it.
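The following is an added example and not Check Point code: a minimal client for the dyndns2-style update protocol (GET .../nic/update?hostname=&myip= with HTTP Basic authentication and one-word status replies), which is the protocol most DDNS providers accept and is what an appliance performs on your behalf once DDNS is configured. The update URL, user name, host name and IP address are assumed sample values; the password check applies the character restriction from the note above.

```python
"""Added example (not Check Point code): build and interpret a dyndns2-style
DDNS update and apply the documented password character restriction.
The provider update URL is provider-specific and assumed here."""
import base64
import ipaddress
from typing import Dict, List, Tuple
from urllib.parse import urlencode

# Characters the appliance rejects in a password or shared secret,
# and the documented maximum length (from the configuration note).
FORBIDDEN_CHARS = set('{}[]`~|\'"\\')
MAX_SECRET_LEN = 255

# Provider replies: codes that mean "stop and fix the configuration" versus
# provider-side trouble that may be retried later with backoff.
FATAL_CODES = {"badauth", "nohost", "notfqdn", "badagent", "abuse", "numhost"}
RETRY_CODES = {"911", "dnserr"}


def check_secret(secret: str) -> List[str]:
    """Return the problems found with a DDNS password; an empty list means OK."""
    problems = []
    if not secret:
        problems.append("empty secret")
    bad = sorted(c for c in set(secret) if c in FORBIDDEN_CHARS)
    if bad:
        problems.append("forbidden characters: " + " ".join(bad))
    if len(secret) > MAX_SECRET_LEN:
        problems.append("length %d exceeds %d" % (len(secret), MAX_SECRET_LEN))
    return problems


def build_update(update_url: str, user: str, password: str,
                 hostname: str, myip: str) -> Tuple[str, Dict[str, str]]:
    """Build the update request as (URL, headers).

    A non-FQDN host name or a malformed IP is rejected before anything is
    sent, because providers count bad requests against the account."""
    if "." not in hostname.strip("."):
        raise ValueError("host name must be fully qualified: %r" % hostname)
    ipaddress.ip_address(myip)  # raises ValueError on garbage
    credentials = base64.b64encode(("%s:%s" % (user, password)).encode()).decode()
    headers = {
        "Authorization": "Basic " + credentials,
        # Most providers refuse requests that carry no identifying User-Agent.
        "User-Agent": "ddns-example/1.0 hostmaster@example.invalid",
    }
    return update_url + "?" + urlencode({"hostname": hostname, "myip": myip}), headers


def parse_response(body: str) -> Tuple[str, bool]:
    """Interpret the provider's one-line reply as (code, stop_updating).

    'good <ip>' and 'nochg <ip>' confirm the record. Fatal codes mean an
    operator must look before the client tries again: repeated failing
    updates get DDNS accounts blocked for abuse. Unknown replies fail closed."""
    code = body.strip().split(" ", 1)[0]
    if code in ("good", "nochg"):
        return code, False
    if code in FATAL_CODES:
        return code, True
    if code in RETRY_CODES:
        return code, False
    return "unknown", True


if __name__ == "__main__":
    # Assumed provider URL and sample account; the IP is an RFC 5737 test address.
    url, _headers = build_update("https://members.dyndns.org/nic/update",
                                 "alice", "Corr3ct-H0rse", "gw.example.com", "203.0.113.7")
    print(url)  # the Authorization header holds the password, so it is not printed
    for reply in ("good 203.0.113.7", "nochg 203.0.113.7", "badauth", "911"):
        print(reply, "->", parse_response(reply))
```

The same three steps (validate the credential, send the authenticated update, act on the reply) are what the appliance does with the account details entered on this page; the value of the example is the reply handling, since a client that keeps retrying after badauth or abuse is how a DDNS account ends up locked.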

Reach My Device

Reach My Device lets you remotely connect to the appliance from the Internet so that you can use the WebUI or CLI when necessary. The administrative UI or CLI connections are tunneled through a Check Point Cloud Service. This is useful when the appliance is behind a NAT device or firewall and cannot be reached directly, and it also makes it easier to reach an appliance with a dynamically assigned IP address.

To register to the Reach My Device service:

  1. Click Register.

    The Reach My Device window opens.

  2. For Host Name, keep the default host name or enter a name for this appliance.

  3. If the host name was already defined, select Register with an existing host name and enter the Validation token of the gateway. This token proves that the existing name belongs to this appliance owner, so treat it as a credential: anyone who holds it can register another device under your name.

  4. Click Apply.

    The validation token, web link, and shell link are shown on the page.

  5. Go to Device > Administrator Access. Add Internet as a source for administrator access and select Set specified IP addresses, so that only the listed addresses can reach the WebUI and CLI from the Internet. Do not leave an Internet source without an address restriction: the relay makes the administrative interface reachable from anywhere.
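As an added example (not Check Point code), the check below models an administrator-access policy of the shape step 5 describes, a source zone with an optional list of permitted addresses, and flags any rule that leaves the WebUI or CLI open to the whole Internet. The rule representation, the zone names and the sample policy are assumptions for illustration, not the appliance's data model.

```python
"""Added example (not Check Point code): evaluate an administrator-access
allowlist and flag Internet-facing rules with no effective address
restriction. Rule shape and zone names are assumed for illustration."""
import ipaddress
from typing import List, Optional, Sequence, Tuple

# (zone, allowed networks); None means "any address in that zone".
Rule = Tuple[str, Optional[Sequence[str]]]

# Constructed sample policy: LAN admins unrestricted, Internet admins limited
# to two jump hosts (RFC 5737 documentation ranges).
SAMPLE_RULES: List[Rule] = [
    ("Internal", None),
    ("Internet", ["198.51.100.0/24", "203.0.113.7/32"]),
]


def _networks(nets: Sequence[str]):
    return [ipaddress.ip_network(n, strict=False) for n in nets]


def is_admin_allowed(rules: Sequence[Rule], zone: str, client_ip: str) -> bool:
    """True if some rule for this zone admits client_ip.

    A malformed address raises ValueError rather than being silently denied,
    so a logging or parsing bug is noticed instead of masked."""
    ip = ipaddress.ip_address(client_ip)
    for rule_zone, nets in rules:
        if rule_zone != zone:
            continue
        if nets is None:
            return True
        if any(ip.version == n.version and ip in n for n in _networks(nets)):
            return True
    return False


def unrestricted_internet_rules(rules: Sequence[Rule]) -> List[int]:
    """Indexes of Internet rules with no effective address restriction:
    either no address list at all, or a catch-all prefix such as
    0.0.0.0/0 or ::/0 that someone entered to 'make it work'."""
    found = []
    for i, (zone, nets) in enumerate(rules):
        if zone != "Internet":
            continue
        if nets is None or any(n.prefixlen == 0 for n in _networks(nets)):
            found.append(i)
    return found


if __name__ == "__main__":
    for zone, ip in (("Internet", "203.0.113.7"), ("Internet", "203.0.113.8"), ("Internal", "10.1.2.3")):
        print(zone, ip, "->", is_admin_allowed(SAMPLE_RULES, zone, ip))
    print("unrestricted Internet rules:", unrestricted_internet_rules(SAMPLE_RULES))
```

Run the lint against an exported or transcribed policy before enabling Reach My Device; an empty result for unrestricted_internet_rules is the state step 5 is meant to produce.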

When the gateway participates in a VPN, exclude the WAN interface (or whichever interface carries the Internet connection) from the encryption domain so that Reach My Device traffic is not forced into a VPN tunnel.

In the VPN Site to Site global settings, under Advanced Settings, enable Do not encrypt connections originating from the local gateway.

How to access the gateway with the Reach My Device service:

When registration is complete, the appliance establishes an outgoing tunnel from its own IP address to the Check Point Cloud Service. Because the tunnel is initiated outbound, no inbound port has to be opened on the NAT device or firewall in front of the appliance.

Remote Access to the WebUI

Web Link - Use this URL in a browser to remotely access the appliance.

For example: https://mygateway-web.smbrelay.checkpoint.com

Enter the applicable user name and password.

Remote Access to the CLI

Shell Link - Use this URL in a browser to open a shell session to the appliance (an SSH connection relayed through the cloud service) and run CLI commands.

For example: https://mygateway-shell.smbrelay.checkpoint.com

Enter the administrator credentials.