User guide
Overview
606 Check Point Safe@Office User Guide
To create a Remote Access VPN with two VPN sites
1. On the remote user VPN site's Safe@Office appliance, add the office Remote
Access VPN Server as a Remote Access VPN site.
See Adding and Editing VPN Sites on page 621.
The remote user's Safe@Office appliance will act as a Remote Access VPN Client.
2. On the office VPN site's Safe@Office appliance, enable a Remote Access
VPN Server.
See Setting Up Your Safe@Office Appliance as a VPN Server on page 607.
Internal VPN Server
You can use your Safe@Office appliance as an internal VPN Server, for enhanced wired
and wireless security. When an internal VPN Server is enabled, internal network PCs and
PDAs with the appropriate software installed can establish a Remote Access VPN session
to the gateway. This means that connections from internal network users to the gateway
can be encrypted and authenticated.
The benefits of using an internal VPN Server are two-fold:
• Accessibility
Using SecureClient, Endpoint Connect, or L2TP, you can enjoy a secure connection
from anywhere—in your wireless network or on the road—without changing any
settings. The standard is completely transparent and allows you to access company
resources the same way, whether you are sitting at your desk or anywhere else.
Note: Only SecureClient and Endpoint Connect can connect to the SecuRemote
Internal VPN server, not SecuRemote.
• Security
Many of today's attacks are increasingly introduced from inside the network. Internal
security threats cause outages, downtime, and lost revenue. Wired networks that deal
with highly sensitive information—especially networks in public places, such as
classrooms—are vulnerable to users trying to hack the internal network.
Using an internal VPN Server, along with a strict security policy for non-VPN users,
can enhance security both for wired networks and for wireless networks, which are
particularly vulnerable to security breaches.