User Manual Part 2
Table Of Contents
- Using SmartDefense
- Using Antivirus and Antispam Filtering
- Overview
- Using VStream Antivirus
- Using VStream Antispam
- How VStream Antispam Works
- Header Marking
- Default Antispam Policy
- Enabling/Disabling VStream Antispam
- Viewing VStream Antispam Statistics
- Configuring the Content Based Antispam Engine
- Configuring the Block List Engine
- Configuring the IP Reputation Engine
- Configuring the VStream Antispam Policy
- Configuring the Safe Sender List
- Configuring VStream Antispam Advanced Settings
- Using Centralized Email Filtering
- Using Web Content Filtering
- Updating the Firmware
- Using Subscription Services
- Working With VPNs
- Overview
- Setting Up Your Safe@Office Appliance as a VPN Server
- Adding and Editing VPN Sites
- Viewing and Deleting VPN Sites
- Enabling/Disabling a VPN Site
- Logging in to a Remote Access VPN Site
- Logging Out of a Remote Access VPN Site
- Using Certificates
- Viewing VPN Tunnels
- Viewing IKE Traces for VPN Connections
- Viewing VPN Topology
- Managing Users
- Using Remote Desktop
- Controlling the Appliance via the Command Line
- Maintenance
- Viewing Firmware Status
- Upgrading Your Software Product
- Configuring a Gateway Hostname
- Configuring Syslog Logging
- Configuring HTTPS
- Configuring SNMP
- Setting the Time on the Appliance
- Using Diagnostic Tools
- Backing Up and Restoring the Safe@Office Appliance Configuration
- Using Rapid Deployment
- Resetting the Safe@Office Appliance to Defaults
- Running Diagnostics
- Rebooting the Safe@Office Appliance
- Using Network Printers
- Troubleshooting
- Specifications
- Glossary of Terms
- Index
Setting Up Your Safe@Office Appliance as a VPN Server
Chapter 19: Working With VPNs 567
Setting Up Your Safe@Office Appliance as a VPN
Server
You can make your network available to authorized users connecting from the Internet or
from your internal networks, by setting up your Safe@Office appliance as a VPN Server.
When the SecuRemote Remote Access VPN Server or SecuRemote Internal VPN Server is
enabled, users can connect to the server via Check Point SecuRemote/SecureClient or via a
Safe@Office appliance in Remote Access VPN mode. When the L2TP (Layer 2 Tunneling
Protocol) VPN Server is enabled, users can connect to the server using an L2TP client such
as the Microsoft Windows L2TP IPSEC VPN Client. L2TP users are automatically
assigned to the OfficeMode network, enabling you to configure special security rules for
them.
SecuRemote/SecureClient supports split tunneling, which means that VPN Clients can
connect directly to the Internet, while traffic to and from VPN sites passes through the
VPN Server. In contrast, the L2TP VPN Client does not support split tunneling, meaning
that all Internet traffic to and from a VPN Client passes through the VPN Server and is
routed to the Internet.
Enabling the Safe@Office VPN Server for users connecting from your internal networks
adds a layer of security to such connections. For example, while you could create a firewall
rule allowing a specific user on the DMZ to access the LAN, enabling VPN access for the
user means that such connections can be encrypted and authenticated. For more
information, see Internal VPN Server on page 566.