How To Set Up Remote Access with Office Mode for SecureClient

and Endpoint Connect

Chi Tran & John White
10 March 2010

Objective
This document explains the steps for setting up Office Mode IP for Remote Access clients.
The basic configuration of Office Mode uses IP pools. Select an internal address space designated for remote users
using Office Mode. This can be any IP address space, if the addresses in this space do not conflict with addresses
used in the enterprise domain. You can use address spaces that are not routable on the Internet, such as 10.x.x.x.

SUPPORTED VERSIONS
 NGX R65 (up to HFA 70)

SUPPORTED OS
 Windows XP
 Windows Vista
 Windows 7 Enterprise and Ultimate editions (32-bit)

SUPPORTED APPLIANCES
Appliances with Check Point NGX R65 or higher installed.

Assumed Knowledge
How to set up standard VPN Remote Access.

Related Documentation
For more on how to Configure Office Mode, see Check Point NGX R65 VPN Administration Guide.
Also see relevant SKs:
sk30547: Configuring Office Mode
sk36746: Configure office mode using DHCP server.(arp configuration)
sk18043: Configuring Office Mode IP assignment per user or group
How To: How to Setup Endpoint Connect R73 on Windows 32bit and 64bit
Impact on the Environment and Warnings
None

CONFIGURING SERVER SIDE

To deploy the basic Office Mode (using IP pools):
1. Open the Network Properties window for a new network object.
Select Manage > Network Objects > New > Network.
2. Create a new network object for the IP Pool.
In the Network Properties General tab, set the IP pool range of addresses.
 For Network Address, enter the first address to be used (for example: 10.130.56.0).
 For Net Mask, enter the subnet mask according to the amount of addresses to use.
For example: 255.255.255.0 designates all 254 IP addresses from 10.130.56.1 to 10.130.56.254 for
Office Mode addresses.
3. Close the Network Object Properties window.
4. Double click the Gateway and select Remote Access > Office Mode.
 5. In Office Mode, select Offer Office Mode to group or Allow Office Mode to all users.
6. In Office Mode Method, select Manual (using IP pool) and select the network object that you defined for
the Office Mode IP.

CONFIGURING CLIENT SIDE For R60

SecureClient
On the client's machine, do the following steps to connect to the Gateway in Office Mode:
1. Right-click the SecureClient icon in the system tray and select Connect.
A message appears: No sites defined. Would you like to create a new site?
2. Select Yes to create new site.
The Site Wizard opens.
3. Enter the IP address of the Gateway you want to connect to. Click Next.
4. Select Username and Password. Click Next.
5. Here we will use the Check Point Username and Password for SecureClient Authentication.
Click Next.

6. Select Standard. Click Next.

7. If successful, it will validate the site and provide you with the Fingerprint. Click Next.

It will take a few minutes to connect and download the Topology of the Firewall you connected to.

8. Click Finish.
9. Right-click the SecureClient icon and connect to
the gateway.

See the Connection Details.

Completing the Procedure
Make sure to Install Policy after the client is configured on the Dashboard.

Verifying
After the Client is successfully installed, the site is created, and the connection is made to the Gateway, you need to
verify that the Client can obtain the assigned office mode IP. Open the Connection Details window. See that the
assigned IP address is in the IP Pool, and see the Computer > Office Mode details.