User's Manual Part 3

Setting Up Your Safe@Office Appliance as a VPN Server

Chapter 12: Working With VPNs 309

Using the internal VPN Server, along with a strict security policy for non-VPN

users, can enhance security both for wired networks and for wireless networks,

which are particularly vulnerable to security breaches.

The internal VPN Server can be used in the Safe@Office 500W wireless appliance,

regardless of the wireless security settings. It also can be used in wired appliances,

both for wired stations and for wireless stations.

Note: You can enable wireless connections to a wired Safe@Office appliance, by

connecting a wireless access point in bridge mode to one of the appliance's internal

interfaces. Do not connect computers to the same interface as a wireless access

point, since allowing direct access from the wireless network may pose a significant

security risk.

For information on setting up your Safe@Office appliance as an internal VPN

Server, see Setting Up Your Safe@Office Appliance as a VPN Server on page

309.

Setting Up Your Safe@Office Appliance as a VPN

Server

You can make your network available to authorized users connecting from the

Internet or from your internal networks, by setting up your Safe@Office appliance

as a VPN Server. Users can connect to the VPN Server via Check Point

SecuRemote or via a Safe@Office appliance in Remote Access VPN mode.

Enabling the VPN Server for users connecting from your internal networks adds a

layer of security to such connections. For example, while you could create a

firewall rule allowing a specific user on the DMZ or WLAN to access the LAN,

enabling VPN access for the user means that such connections can be encrypted

and authenticated. For more information, see Internal VPN Server on page 308.