Checkpoint Firewall: How to configure VPN Remote Access for Users using Checkpoint VPN Clients.


VPN Remote Access page you can establish secure encrypted connections between devices such as mobile devices, home desktops and laptops, and the organization through the Internet.

For remote access, you must define users in the system with credentials and set permissions for specified users. The appliance must be accessible from the Internet.

VPN Remote Access methods:

  • Check Point VPN clients – To connect laptops and desktops
  • Mobile client – To connect smartphones and tablets
  • SSLVPN – To connect through SSL VPN
  • Windows VPN Client – To connect through native VPN client (L2TP)

2. Network Diagram.

This article will guide you how to configure VPN Remote Access for users to remotely access the internal network using Checkpoint VPN Client installed on users’ computers with Checkpoint Firewall.

3. Instructions

Step 1: Create DDNS domain name for IP PPPOE on Modem.

Note: Like the network diagram above because the Modem dialup PPPOE, Checkpoint Firewall is only the local network provided by the Modem, so we cannot configure the VPN with the Checkpoint Firewall’s IP WAN.

So you need to create a DDNS domain name for this PPPOE IP (IP: 115.78.xx.xx) (Ex:, either dynamic IP or static IP for successful VPN connection.

Note: If it is a Checkpoint Firewall that dialup PPPOE, there is no need to register this domain name. You can configure VPN Remote Access from Step 3.

You can create an account to create a free DDNS domain name like No-IP to use.

While creating DDNS domain name you need to create username to add this domain to Checkpoint Firewall.

Step 2: Enable DDNS on Checkpoint Firewall.

On the administrative interface of Checkpoint Firewall > Device > System > DDNS & Device Access.

Click on “Connect to the applicance by name from the Internet (DDNS)”.

Provide the following information:

Provider: choose no-ip

User name: Enter the username created on the No-ip account

Password: Enter the password to register for a No-IP account

Host name: Enter the domain name configured with IP PPPOE in step 1.

Step 3: Create User VPN Remote Access.

On the administrative interface of Checkpoint Firewall > VPN > Remote Access > Remote Access Users > Add.

Enter the parameters for the user as shown below.

Click on “Remote Access Permissions”. Click Apply.

If you require high security, you can change the port of SSL VPN (default: 443), otherwise you can leave the default. Continue Step 4.

You can change the SSL VPN port, go to Device > Advanced > Advanced Settings. You search for “SSL VPN“.

Find and click on the line “VPN Remote Access – Remote Access Port“.

You can change the port as shown below.

If changed the port like the network diagram above, we need to open port 4435 on the modem. So that the modem can forwarding VPN traffic.

Check port opened successfully or not with website check port open like

Port 4435 is open on…” the port has been opened successfully.

Step 4: Download and install Checkpoint VPN Clients.

On the administrative interface of Checkpoint Firewall > VPN > Remote Access > Remote Control. Click ON Remote Access.

In the Checkpoint VPN Clients section, click How to connect…

Here will guide you how to configure Checkpoint VPN Client. Click “here” to go to the Checkpoint VPN Client download page.

Click choose “Remote Access (VPN) Clients product page”.

Switch to “Downloads” and select the pages near the bottom to find the latest version of Checkpoint VPN Client.

Click choose “E86.30 Checkpoint…..for Windows”.

Click Download.

Open the Checkpoint VPN Client software to install it on your computer. Click Next.

Choose Endpoint Security VPN. CLick Next.

Click Install.

After the installation is complete, click Finish.

Step 5: Create Site for Checkpoint VPN Client.

Click on the yellow padlock icon in the taskbar, the message panel appears, click Yes.

Click Next.

In Server address or Name: Enter the DDNS domain name + Port configured in step 1. Click Next.

You wait to create the connection site.

Chọn Next.

Select the authentication method as Username and Password. Click Next.

Set up site connection successfully. Click Finish.

Click Yes.

Enter the Username and Password created in step 3. Click Connect.

You wait for the connection to be established.

VPN Remote Access has successfully connected with the status of “Connected”.

Step 6: Check the results

You can login to Checkpoint Firewall after VPN is successful.

Check on Checkpoint Firewall the “Connected Remote Users” section has seen user John appear.

Check on the laptop of user John has received the correct IP

Be the first to comment

Leave a Reply

Your email address will not be published.


This site uses Akismet to reduce spam. Learn how your comment data is processed.