SecureClient Office mode problem

[suderman]

Hello !

I have a problem when connecting to Checkpoint's Gateway (NG R55) using SecureClient with office mode enabled.

All Gateway interfaces are private addresses
so NAT is being made on the router connecting internal network with internet.

In my case SecureClient is connecting to Firewall then getting local ip address (Office mode).
To that point all is ok.

But then it cannot go anywhere. All rules on the Firewall are ok. In logs of the firewall I can see the traffic from office mode local ip is getting through but for some reason it's not going back where I connect from.

I'm not sure it's becouse of misconfiguration or lack of Policy Server installed ?

Thanks.

 

[stooo]

The fact that you are seeing the traffic in the firewall logs shows you have inbound connectivity, and that its a routing issue internally

if you office mode ip address comes from the same range as the internal LAN then your internal devices will not route to it correctly (they will arp for it and not get a reply)

Either use a different subnet for the office mode ip's, or you may be able to get around it by adding proxy arp entries to the firewall for these assigned ip's.

Using a different range is deffinately the easiest way to fix this

 

[suderman]

Hello !

I've already fix this issue.
Traffic for the office mode ip pool must be directed back to client from which the SecureClient is connecting.

Thanks for Your answer.

 

[broadbandmaritime]

Hi ,

I am getting the following errors on SmartCenter when i install a new QOS policy on the firewall cluster that we have.

Errors are as follows:

1) Reason TCP connectivity failure (port 18191) on firewall 1

2) VPN1/FW1 policy installation canceled for module Firewall2

3) Policy Installation canceled.

Please help)