fir3net

How do I Create an SSL VPN on a Check Point Gateway?

The steps below show how to create an SSL VPN on a Check Point Gateway:

  1. Create a new network object. This will be used for the remote users' IP addresses. Name this "net_office-mode-IPs".
  2. Within the Check Point Object, under Topology > VPN Domain, add your local domain.
  3. Within the Check Point Object, under Remote Access, make the following change: enable Support Visitor Mode.
  4. Within the Check Point Object, under Office Mode, select "Allow Office Mode to all users". Add the network object created in step 1 under Manual (Allocate IP address from Network).
  5. Within the Check Point Object, under Client VPN, tick Support Clientless VPN. Under Certificate for gateway authentication, select ICA_CERT.
  6. Within the Check Point Object, under SSL Clients, tick SSL Network Extender and select ICA_CERT under "The gateway authenticates with this certificate".
  7. Within the VPN community tab, under your Remote Access community, add your gateway as a participating gateway.
  8. Within the Users tab, create your users and add these to a new user group.
  9. Create a rule to allow access from your user groups to your internal hosts (local encryption domain) and select your Remote Access community.

Please Note :

  • The user will now be able to connect to your gateway via a web browser on port 443. Enter https://[gateway ip] into your browser.
    • You will need to ensure that your SPLAT WebUI or your IPSO Voyager is listening on a port other than tcp/443.

Tags: VPN

About the Author

R Donato

Ricky Donato is the Founder and Chief Editor of Fir3net.com. He currently works as a Principal Network Security Engineer and has a keen interest in automation and the cloud.

You can find Ricky on Twitter @f3lix001