There are a number of Check Point Remote Access VPN terms and features. This guides attempts to explain them.<\/p>\n
Main Features<\/strong><\/p>\n Office Mode<\/span> Visitor Mode <\/span> Connection Profiles<\/span> Connection Modes <\/strong><\/p>\n There are 2 main types of connection modes which defines how the connection is initalised.<\/p>\n Wire Mode<\/span> If both answers are yes then stateful inspection is not enforced. Directional VPN Enforcement between communities<\/strong><\/p>\n This allows for you to specify within the VPN column of the policy the direction in which to allow traffic between communities. Backup Gateways<\/strong><\/p>\n For backup gateways each gateway should have their own VPN Domain configured which shouldn’t over lap. MEP<\/span>
Office mode allows your remote VPN user to receive an IP address designated by the Check Point Gateway, internal DHCP server or radius server.<\/p>\n
Visitor Mode allows your VPN client to connect to the gateway over SSL on port 443. This can be used where the user is unable to connect to the gateway due to being behind devices which are blocking non standard ports.<\/p>\n
Secure Client allows the use of Connection profiles. Connection profiles gives you the ability and flexibility to build customized connection configs (such as MEP, Backup gateways, Visitor Mode, HA Policies Servers etc.) along with allowing the user the ability to choose which connection profiles they require.
SSL Network Extender<\/span>
Check Points SSL Nextwork Extender (SNX) is a Clientless VPN solution which allows for the user to use their web browser as a the VPN Client and connect to the gateway over SSL (port 443).<\/p>\n\n
Wire mode allows you to bypass the firewall to enusre that the traffic is not subject to stateful inspection.
The gateway defines internal interfaces snd communities as trusted. when a packet reaches the gateway 2 questions are raised :<\/p>\n\n
This feature is useful for MEP and Route based VPNs where differences in state tables due to network changes could cause prevent the traffic from passing the gateway.<\/em><\/p>\n
Say you had a New-york Star community and a Mesh Paris community. You could allow traffic to only initiate in the direction from Paris to New-york.<\/p>\n
To enable this :<\/p>\n\n
Multiple Entry Points is an addition to Backup Gateways and has 3 modes :<\/p>\n