You can make your network available to authorized users connecting from the Internet or from your internal networks by setting up your UTM-1 appliance as a VPN Server.
When the SecuRemote Remote Access VPN Server or SecuRemote Internal VPN Server is enabled, users can connect to the server via Check Point SecuRemote/SecureClient or via a UTM-1 appliance in Remote Access VPN mode. When the L2TP (Layer 2 Tunneling Protocol) VPN Server is enabled, users can connect to the server using an L2TP client such as the Microsoft Windows L2TP IPSEC VPN Client. L2TP users are automatically assigned to the OfficeMode network, enabling you to configure special security rules for them.
SecuRemote/SecureClient supports split tunneling, which means that VPN Clients can connect directly to the Internet, while traffic to and from VPN sites passes through the VPN Server. In contrast, the L2TP VPN Client does not support split tunneling, meaning that all Internet traffic to and from a VPN Client passes through the VPN Server and is routed to the Internet.
Enabling the UTM-1 VPN Server for users connecting from your internal networks adds a layer of security to such connections. For example, while you could create a firewall rule allowing a specific user on the DMZ to access the LAN, enabling VPN access for the user means that such connections can be encrypted and authenticated. For more information, see Internal VPN Server.
To set up your UTM-1 appliance as a VPN Server
See Configuring the OfficeMode Network.
All users connecting via L2TP will be assigned to the OfficeMode network.
See Setting Up Remote VPN Access for Users.
Note: Disabling the VPN Server for a specific type of connection (from SecuRemote/SecureClient clients on the Internet, from SecuRemote/SecureClient clients on internal networks, or from L2TP clients) will cause all existing VPN tunnels of that type to disconnect.