Check Point UTM-1 Edge User Manual page 191

11. In the Subnet Mask drop-down list, select the DMZ's internal network range.
12. If desired, enable or disable Hide NAT.
See Enabling/Disabling Hide NAT on page 163.
13. If desired, configure a DHCP server.
See Configuring a DHCP Server on page 164.
14. Click Apply.
A warning message appears.
15. Click OK.
A success message appears.
Configuring the OfficeMode Network
By default, VPN Clients connect to the VPN Server using an Internet IP address locally
assigned by an ISP. This may lead to the following problems:
•
VPN Clients on the same network will be unable to communicate with each
other via the UTM-1 Internal VPN Server. This is because their IP addresses are
on the same subnet, and they therefore attempt to communicate directly over the
local network, instead of through the secure VPN link.
•
Some networking protocols or resources may require the client's IP address to
be an internal one.
OfficeMode solves these problems by enabling the UTM-1 DHCP Server to automatically
assign a unique local IP address to the VPN client, when the client connects and
authenticates. The IP addresses are allocated from a pool called the OfficeMode network.
Note: OfficeMode requires either Check Point SecureClient or an L2TP client to be
installed on the VPN clients. It is not supported by Check Point SecuRemote.
When OfficeMode is not supported by the VPN client, traditional mode will be used
instead.
Chapter 6: Managing Your Network
Configuring Network Settings
177