CheckPoint and Tunnel Splitting

Posted on 2006-04-24
Last Modified: 2012-08-13
I have a Safe@Office 425W (firmware ver. 5.0.82x and hardware version 1.1).  My "road warriors" are running CheckPoint VPN-1 SecureClient NGX R60 (Build 191).
The issue I'm having is that when they connect to our network (connection is fine), they lose their local internet access.  This means that if they are at a client, at home or wherever, and connect to our network, they drop their ability to surf the web.  I've been reading something about policy settings but have yet to find any way to set them.  It was easy in a PIX router (Cisco) but this device has no tunnel splitting option - just a User.C file found in the Check Point folder of each user.
I believe I could use Secure Remote but would rather use the Secure Client instead.
I must be overlooking something.
Any ideas?

Thank You

Question by:jpoole_007

    Author Comment

    Sorry everyone, I figured it out.

    The answer is:  I had to set up SecureClient in Extended View.  Once that was done and the software stopped and started itself, I had to delete my profile/site and recreate it.  Then, in the properties of the profile in the Advance tab, I had to turn off HUB mode.  This would then allow me to surf the web via my local connection as well as access my server via VPN.

    Just a note - after doing the above - I still had an issue accessing drives on my server.  I found that my PC-cillin (Trend Micro) 2006 personal firewall was blocking the ports needed by Check Point.  After opening up those ports in Trend Micro, everything worked fine.  Those ports are as follows:

    ...The filtering device has the following ports blocked:
    - TCP Port 264
    - TCP Port 256
    - UDP Port 259
    - UDP Port 500
    - Protocol 94, 50 and 51...

    which can be found here at Experts-Exchange using this link:

    Accepted Solution

    PAQed with points refunded (125)

    Community Support Moderator
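
One way to confirm which of the ports and protocols listed in the comment above a personal firewall is dropping, added here as an example and not part of the original thread. The log format, the sample lines and the addresses (203.0.113.5 standing in for the VPN gateway) are constructed for illustration and are not Trend Micro's actual log format.

```python
import re
from collections import Counter

# Ports and IP protocols listed in the comment above.
REQUIRED_PORTS = {("TCP", 264), ("TCP", 256), ("UDP", 259), ("UDP", 500)}
REQUIRED_IP_PROTOCOLS = {94, 50, 51}

# Constructed log format (an assumption, not a real product's format):
# <time> <ALLOW|BLOCK> proto=<TCP|UDP|protocol number> src=<ip> dst=<ip> [dport=<n>]
LINE_RE = re.compile(
    r"^(?P<time>\S+)\s+(?P<action>ALLOW|BLOCK)\s+proto=(?P<proto>\w+)"
    r"\s+src=(?P<src>\S+)\s+dst=(?P<dst>\S+)(?:\s+dport=(?P<dport>\d+))?\s*$"
)

# Constructed sample log; addresses come from documentation ranges.
SAMPLE_LOG = """\
10:01:02 ALLOW proto=UDP src=192.0.2.10 dst=198.51.100.1 dport=53
10:01:05 BLOCK proto=TCP src=192.0.2.10 dst=203.0.113.5 dport=264
10:01:06 BLOCK proto=UDP src=192.0.2.10 dst=203.0.113.5 dport=500
10:01:09 BLOCK proto=50 src=203.0.113.5 dst=192.0.2.10
10:01:11 BLOCK proto=TCP src=192.0.2.10 dst=198.51.100.7 dport=445
10:01:12 ALLOW proto=TCP src=192.0.2.10 dst=203.0.113.5 dport=256
garbage line that does not parse
10:01:15 BLOCK proto=UDP src=192.0.2.10 dst=203.0.113.5 dport=500
"""

def blocked_vpn_traffic(log_text, gateway):
    """Count BLOCK entries to or from `gateway` that hit a listed port or protocol."""
    hits = Counter()
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m or m["action"] != "BLOCK":
            continue  # unparseable or allowed traffic is not of interest
        if gateway not in (m["src"], m["dst"]):
            continue  # only traffic exchanged with the VPN gateway matters
        proto = m["proto"].upper()
        if proto.isdigit():
            if int(proto) in REQUIRED_IP_PROTOCOLS:
                hits[f"IP protocol {proto}"] += 1
        elif m["dport"] and (proto, int(m["dport"])) in REQUIRED_PORTS:
            hits[f"{proto} {m['dport']}"] += 1
    return dict(hits)

def still_to_open(log_text, gateway):
    """Sorted list of listed ports/protocols the firewall is currently blocking."""
    return sorted(blocked_vpn_traffic(log_text, gateway))

if __name__ == "__main__":
    for rule, count in blocked_vpn_traffic(SAMPLE_LOG, "203.0.113.5").items():
        print(f"{rule}: blocked {count} time(s)")
```

Scoping the match to the gateway address keeps the resulting allow rules narrow: the blocked TCP 445 entry to another host is ignored rather than suggested for opening.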
