Enabling Secondary Connect for Remote Access Clients E75.20 and above

Support Center > Search Results > SecureKnowledge Details

Technical Level

Solution ID	sk65312
Technical Level
Product	Endpoint Security VPN, SecuRemote, SecureClient
Version	E80.x (EOL), E81.x (EOL), E82.x (EOL), E83.x (EOL), E84.x (EOL), E85.x (EOL), E86.x
OS	Windows
Platform / Model	Intel/PC
Date Created	11-Sep-2011
Last Modified	14-Nov-2022

Solution

Introduction

Remote Access Clients E75.20 introduces the Secondary Connect feature that provides access to multiple VPN gateways at the same time, to transparently connect to distributed resources.

Secondary Connect gives access to multiple VPN gateways at the same time, to transparently connect users to distributed resources. Users log in once to a selected site and get transparent access to resources on different gateways. Tunnels are created dynamically as needed, based on the destination of the traffic.

For example: Your organization has Remote Access gateways in New York and Japan. You log in to a VPN site that connects you to the New York gateway. When you try to access a resource that is behind the Japan gateway, a VPN tunnel is created and you can access the resource behind the Japan gateway.

Traffic flows directly from the user to the gateway, without site-to-site communication. VPN tunnels and routing parameters are automatically taken from the network topology and destination server IP address.

In an environment with Secondary Connect, the Security Gateway, on which the client first authenticates, is the Primary gateway.
A Security Gateway, to which the client connects to through a secondary VPN, is a Secondary gateway.

Important: Although the terms Primary and Secondary are used above to describe the scenario, we are not discussing a Cluster here.

Security Gateway support for Secondary Connect feature

Support for Secondary Connect feature is integrated in the following Security Gateways:

For Security Gateways R75.20, the required hotfix can be downloaded from here:

Operating System	Link
SecurePlatform and XOS
IPSO 6
Windows

Hotfix installation instructions for SecurePlatform / XOS / IPSO:

Hotfix has to be installed on Security Gateway.
Note: In cluster environment, this procedure must be performed on all members of the cluster.
Transfer the hotfix package to the machine (into some directory, e.g., /some_path_to_fix/).
Unpack and install the hotfix package:

[Expert@HostName]# cd /some_path_to_fix/
[Expert@HostName]# tar -zxvf fw1_wrapper_<HOTFIX_NAME>.tgz
[Expert@HostName]# ./fw1_wrapper_<HOTFIX_NAME>
Note: The script will stop all of Check Point services (cpstop) - read the output on the screen.
Reboot the machine.

Documentation

For instructions on how to configure Secondary Connect, refer to Chapter 4 "Configuring Client Features" - section "Secondary Connect" in the following Administration Guides:

E80.6x	E80.60 / E80.61 / E80.62 / E80.64 Remote Access Clients for Windows OS Administration Guide
E80.50	E80.50 Remote Access Clients for Windows Administration Guide
E75.X	E75.30 Remote Access Clients for Windows 32/64-bit Administration Guide E75.20 Remote Access Clients for Windows 32/64-bit Administration Guide

This solution is about products that are no longer supported and it will not be updated

Applies To:

00776364 , 00780926 , 00822602 , 01041746 , 00782054 , 01123505 , 00781612 , 00825465 , 01162949 , 00843048 , 00858405 , 00817762 , 01044118

Give us Feedback

Please rate this document

[1=Worst,5=Best]

Comment
	Submitting rating