Manualshelf

User guide

ManualsBrandsCheck Point Software Technologies ManualsNetworkingSafe@Office 1000NW
621622623624625626627628629630
Setting Up Your Safe@Office Appliance as a VPN Server
Chapter 19: Working With VPNs 607
For information on setting up your Safe@Office appliance as an internal VPN Server, see
Configuring the Internal VPN Server on page 610.
Setting Up Your Safe@Office Appliance as a VPN
Server
You can make your network available to authorized users connecting from the Internet or
from your internal networks, by setting up your Safe@Office appliance as a VPN Server.
When the SecuRemote Remote Access VPN Server or SecuRemote Internal VPN Server is
enabled, users can connect to the server via Check Point SecuRemote/SecureClient or via a
Safe@Office appliance in Remote Access VPN mode.
The Endpoint Connect VPN Server can be enabled in addition to one or more of the
SecuRemote VPN Servers, to allow users to connect from relevant locations using an
Endpoint Connect VPN Client. For example, if both the SecuRemote Remote Access VPN
Server and the Endpoint Connect VPN Server are enabled, but the SecuRemote Internal
VPN Server is not enabled, then users will be able to use the Endpoint Connect VPN
Client to connect from the Internet but not from your internal networks. Endpoint Connect
users are automatically assigned to the OfficeMode network, enabling you to configure
special security rules for them.
When the L2TP (Layer 2 Tunneling Protocol) VPN Server is enabled, users can connect to
the server using an L2TP client such as the Microsoft Windows L2TP IPSEC VPN Client.
L2TP users are automatically assigned to the OfficeMode network, enabling you to
configure special security rules for them.
SecuRemote/SecureClient supports split tunneling, which means that VPN Clients can
connect directly to the Internet, while traffic to and from VPN sites passes through the
VPN Server. In contrast, the L2TP VPN Client does not support split tunneling, meaning
that all Internet traffic to and from a VPN Client passes through the VPN Server and is
routed to the Internet.
Enabling the Safe@Office VPN Server for users connecting from your internal networks
adds a layer of security to such connections. For example, while you could create a firewall
rule allowing a specific user on the DMZ to access the LAN, enabling VPN access for the
user means that such connections can be encrypted and authenticated. For more
information, see Internal VPN Server on page 606.