[Okta Webinar] Learn how to a build a cloud-first strategyRegister Now

x
  • Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 524
  • Last Modified:

Checkpoint LAN Traffic

Hi Guys

Very recently I installed the Checkpoint Endpoint VPN version E80.50 and when users take their laptops home to try install their personal printers the printer install isn't able to detect them on the local LAN. If they don't connect to Checkpoint and then they retry the install and it works fine. We're currently checking our internal policies to see if anything could be blocking LAN or pushing LAN traffic through the VPN. Its just weird how its stopped working.

Any thoughts from the Experts would be appreciated!!
0
Rizzle
Asked:
Rizzle
  • 4
  • 4
1 Solution
 
Aaron TomoskyTechnology ConsultantCommented:
Sounds like the "send all traffic" through the VPN is selected.
0
 
RizzleAuthor Commented:
Hi Aaron,

The option to send all LAN traffic over the VPN isnt ticked.
0
 
Aaron TomoskyTechnology ConsultantCommented:
if the vpn is off, and the printer gets installed, does it then work with the vpn on?
0
Visualize your virtual and backup environments

Create well-organized and polished visualizations of your virtual and backup environments when planning VMware vSphere, Microsoft Hyper-V or Veeam deployments. It helps you to gain better visibility and valuable business insights.

 
RizzleAuthor Commented:
Hi Aaron,

The printer doesnt work when the VPN is turned on but when turned off it works fine. We believe it maybe a conflict in the LAN IP range as the users home range is 192.168.1.x and we have a site distributing DHCP using that range. Our 3rd party security experts are looking into as that looks like the root cause.
0
 
Aaron TomoskyTechnology ConsultantCommented:
yeah, there is no easy way around ip overlap.
A. your home users need to change to something else
B. change your office ip ranges.
C. If your router supports it, is you can do "alises" from a DMZ/vpn type place over to the real office resources. So for example, assign the vpn users an ip in the 192.168.99.x range, that way their gateway is 99.1 and doesn't overlap with the home setup. Then you make static nat rules so that 99.5 -> 192.168.0.5 for each network resource you need to be available.

This is the basic setup, even though they are talking about a site to site vpn
http://www.seanlabrie.com/2011/applying-a-nat-policy-to-a-sonicwall-vpn-tunnel/
0
 
RizzleAuthor Commented:
We're resolving this internally as we've found the cause.
0
 
RizzleAuthor Commented:
I've requested that this question be closed as follows:

Accepted answer: 0 points for Roshan Ejaz's comment #a40274587

for the following reason:

We figured it out internally.
0
 
Aaron TomoskyTechnology ConsultantCommented:
was the cause not ip overlap?
0

Featured Post

VIDEO: THE CONCERTO CLOUD FOR HEALTHCARE

Modern healthcare requires a modern cloud. View this brief video to understand how the Concerto Cloud for Healthcare can help your organization.

  • 4
  • 4
Tackle projects and never again get stuck behind a technical roadblock.
Join Now