Remote Access to Network

gogul

Hey,

I have a network setup with a Checkpoint S-box firewall. I need to get access into the network from outside. I have setup Checkpoint SecureClient on this laptop and am able to create a VPN between the two.

However, I now need to get control of one of the networked computers. I have tried using Remote Desktop but I cant seem to get connected. I have setup the networked computer to allow Remote Desktop connections and have successfully used it with another computer on the network.

I am unsure of how to proceed now. Is there any way to check that I am indeed getting successful access to the internal network?

I am using a Workgroup, not a Domain. There is no forwarding rules setup on the firewall, just VPN access. IPs are static on the Internal Network.

Cheers

G

Capt'n Midnight

gogul wrote:

However, I now need to get control of one of the networked computers. I have tried using Remote Desktop but I cant seem to get connected. I have setup the networked computer to allow Remote Desktop connections and have successfully used it with another computer on the network.

The app may also act as a firewall in which case the user on the laptop would have to connect / request support before you could manage them.

Screaming Monkey

I am assuming your configuration is pc(vpnclient)-->internet-->sbox-->server

Things to try...

1) Make sure you have at least the latest version of 5.x code on the s-box, or even version 6.x if its supported on your model. The s-box can be configured to automatically get the latest code.

2) Check the default gateway of the server your trying to connect to, make sure its the s-box. Can your server browse the internet thru the s-box ?

3) The s-box will enforce firewalling and nat on inbound client vpn sessions. You should disable the NAT and setup individual rules for the firewall component (you can disable the firewall component for client vpns as well but not recommended)
From the GUI its the VPN tab and the items "Bypass NAT" and "Bypass firewall"

gogul

Screaming Monkey wrote:

I am assuming your configuration is pc(vpnclient)-->internet-->sbox-->server

Things to try...

The config is: laptop (vpnclient)-->internet-->sbox-->workstation
Ok, I've checked what you've suggested. Unfortunately, I dont have the latest version 5.x of code. Is this really neccessary? I have no problem at all establishing the VPN. I have setup a Rule to forward all VPN traffic onto the workstation. Where do I go from this?

Screaming Monkey

you really need at least version 5.x, and it is the first thing checkpoint support would tell you, for 2 reasons
1) fixes a few vpn issues
2) Logging, the newer versions show encrypted traffic drops versus normal traffic drops, so you can see whats going on.

Does it work if you remove the "forward rule" and enable "unrestricted access" on the "VPN server" tab

gogul

Hey,

I actually have just got it working. I turned off NAT on the firewall, did not bypass the firewall, and set the rule to route all traffic coming through a VPN to be forwarded onto one specific machine. Now, all I need to do is run SecureRemote for the VPN and Remote Desktop to get control of that specific machine.

Cheers for your help

G.