User Manual Part 2

Check Point Safe@Office User Guide
Setting Up Remote VPN Access for Users
If you are using your Safe@Office appliance as a SecuRemote Remote Access VPN
Server, as an internal VPN Server, or as an L2TP VPN Server, you can allow users to
access it remotely through their Remote Access VPN Clients (a Check Point SecureClient,
Check Point SecuRemote, an L2TP VPN Client, or another Embedded NGX appliance).
To set up remote VPN access for a user
1. Enable your VPN Server, using the procedure Setting Up Your Safe@Office
Appliance as a VPN Server on page 567.
2. Add or edit the user, using the procedure Adding and Editing Users on page
643.
You must select the VPN Remote Access option.
Using RADIUS Authentication
You can use Remote Authentication Dial-In User Service (RADIUS) to authenticate both
Safe@Office appliance users and Remote Access VPN Clients trying to connect to the
Safe@Office appliance.
Note: When RADIUS authentication is in use, Remote Access VPN Clients must
have a certificate.
When a user tries to log in to the Safe@Office Portal, the Safe@Office appliance sends the
entered user name and password to the RADIUS server. The server then checks whether
the RADIUS database contains a matching user name and password pair. If so, then the
user is logged in.
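The login exchange described above, at the RADIUS protocol level, as an added example that is not taken from the Check Point guide: it packs an RFC 2865 Access-Request with the hidden User-Password attribute and checks it on the server side. The function names, shared secret and user database are constructed for illustration, and the appliance's own implementation is not shown on this page.

```python
import hashlib
import hmac
import os
import struct
# Added illustration: names and sample values are constructed, not Check Point code.
ACCESS_REQUEST = 1                 # packet code (RFC 2865)
USER_NAME, USER_PASSWORD = 1, 2    # attribute types (RFC 2865)

def _xor_blocks(data, secret, authenticator, hiding):
    """RFC 2865 5.2: XOR each 16-byte block with MD5(secret + previous hidden block)."""
    out, prev = b"", authenticator
    for i in range(0, len(data), 16):
        block = data[i:i + 16]
        pad = hashlib.md5(secret + prev).digest()
        res = bytes(a ^ b for a, b in zip(block, pad))
        out += res
        prev = res if hiding else block   # always chain on the hidden (wire) block
    return out

def build_access_request(ident, user, password, secret, authenticator=None):
    """Client role (the appliance): pack the entered user name and password."""
    if len(password) > 128:
        raise ValueError("User-Password is limited to 128 bytes")
    authenticator = authenticator or os.urandom(16)
    padded = password.ljust(max(16, -(-len(password) // 16) * 16), b"\x00")
    hidden = _xor_blocks(padded, secret, authenticator, hiding=True)
    attrs = b"".join(struct.pack("!BB", t, len(v) + 2) + v
                     for t, v in ((USER_NAME, user), (USER_PASSWORD, hidden)))
    return struct.pack("!BBH", ACCESS_REQUEST, ident, 20 + len(attrs)) + authenticator + attrs

def server_check(packet, secret, user_db):
    """Server role: recover the password and look for a matching name/password pair."""
    length = len(packet)
    if length < 20 or packet[0] != ACCESS_REQUEST:
        return False
    if struct.unpack("!H", packet[2:4])[0] != length:
        return False                      # declared length must match what arrived
    authenticator, pos, attrs = packet[4:20], 20, {}
    while pos < length:
        if pos + 2 > length or packet[pos + 1] < 2 or pos + packet[pos + 1] > length:
            return False                  # malformed attribute
        a_type, a_len = packet[pos], packet[pos + 1]
        attrs[a_type] = packet[pos + 2:pos + a_len]
        pos += a_len
    hidden = attrs.get(USER_PASSWORD, b"")
    if not hidden or len(hidden) % 16:
        return False
    password = _xor_blocks(hidden, secret, authenticator, hiding=False).rstrip(b"\x00")
    expected = user_db.get(attrs.get(USER_NAME, b""))
    return expected is not None and hmac.compare_digest(password, expected)
```

The password travels masked only by MD5 keyed with the shared secret, so the strength of that secret and the network path between the appliance and the RADIUS server determine how well the credential is protected.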
By default, all RADIUS-authenticated users are assigned the set of permissions specified
in the Safe@Office Portal's RADIUS page. However, you can configure the RADIUS server
to pass the Safe@Office appliance a specific set of permissions to grant the authenticated
user, instead of these default permissions. This is done by configuring the RADIUS