Setting Up Your UTM-1 Appliance as a VPN Server
476 Check Point UTM-1 Edge User Guide
Setting Up Your UTM-1 Appliance as a VPN Server
You can make your network available to authorized users connecting from the Internet or
from your internal networks, by setting up your UTM-1 appliance as a VPN Server.
When the SecuRemote Remote Access VPN Server or SecuRemote Internal VPN Server is
enabled, users can connect to the server via Check Point SecuRemote/SecureClient or via a
UTM-1 appliance in Remote Access VPN mode. When the L2TP (Layer 2 Tunneling
Protocol) VPN Server is enabled, users can connect to the server using an L2TP client such
as the Microsoft Windows L2TP IPSEC VPN Client. L2TP users are automatically
assigned to the OfficeMode network, enabling you to configure special security rules for
them.
SecuRemote/SecureClient supports split tunneling, which means that VPN Clients can
connect directly to the Internet, while traffic to and from VPN sites passes through the
VPN Server. In contrast, the L2TP VPN Client does not support split tunneling, meaning
that all Internet traffic to and from a VPN Client passes through the VPN Server and is
routed to the Internet.
Enabling the UTM-1 VPN Server for users connecting from your internal networks adds a
layer of security to such connections. For example, while you could create a firewall rule
allowing a specific user on the DMZ to access the LAN, enabling VPN access for the user
means that such connections can be encrypted and authenticated. For more information,
see Internal VPN Server on page
475.
To Next Page
Loading...
