https://community.checkpoint.com/t5/Firewall-and-Security-Management/VPN-and-DPD-configuration/m-p/59582#M12532 My understanding is you only configure DPD on the gateway objects where DPD is actually required.<BR />You do not need to configure your local object to use DPD.<BR />See related discussion here: <A href="https://community.checkpoint.com/t5/General-Topics/Enable-DPD-on-R80-20/m-p/32605" target="_blank">https://community.checkpoint.com/t5/General-Topics/Enable-DPD-on-R80-20/m-p/32605</A> Sun, 04 Aug 2019 18:03:45 GMT PhoneBoy 2019-08-04T18:03:45Z https://community.checkpoint.com/t5/Firewall-and-Security-Management/VPN-and-DPD-configuration/m-p/59472#M12531 <P>Hello</P><P>in according to the R80.10 VPN documentation, for enabling DPD as method for the permanent tunnel, I need to change the parameter <STRONG>tunnel_keepalive_method property for each gateway in the community.</STRONG></P><P><STRONG>With the statement "for each gateway in the community" means you have to perform the change at the remote peer object and at the CKP gateway object as well.</STRONG></P><P><STRONG>The same CKP gw object is used in other VPN community with permanent tunnel on but based on tunnel_test protocol because s2s with other CKP gateway.</STRONG></P><P>I'm worried about the impact it could introduce.</P><P>My question is</P><P>&nbsp;&nbsp; what happens if I will configure the parameter to DPD on ckpgw used in different community?</P><P>I'd like to know what is the permanent tunnel protocol used in the following scenario</P><P>ckpgw1 <STRONG>tunnel_keepalive_method</STRONG>: dpd</P><P>ckpgw2 <STRONG>tunnel_keepalive_method</STRONG>: tunnel_test</P><P>3rdgw1: dpd</P><P>VPN community1</P><P>&nbsp;&nbsp; center gateway: ckpgw1</P><P>&nbsp;&nbsp; satellite gateway: ckpgw2</P><P>&nbsp;&nbsp; permanent tunnel: on all tunnels in the community</P><P><STRONG><EM>keepalive is based on .... (dpd/tunnel_test/not working)</EM></STRONG></P><P>VPN community2</P><P>&nbsp;&nbsp; center gateway: ckpgw1</P><P>&nbsp;&nbsp; satellite gateway: 3rdgw1</P><P>&nbsp;&nbsp; permanent tunnel: on all tunnels in the community</P><P><STRONG><EM>keepalive is based on .... (dpd/tunnel_test/not working)</EM></STRONG></P><P>&nbsp;</P><P><STRONG>thank you in advanced</STRONG></P> Fri, 02 Aug 2019 07:12:57 GMT https://community.checkpoint.com/t5/Firewall-and-Security-Management/VPN-and-DPD-configuration/m-p/59472#M12531 GG27 2019-08-02T07:12:57Z https://community.checkpoint.com/t5/Firewall-and-Security-Management/VPN-and-DPD-configuration/m-p/59582#M12532 My understanding is you only configure DPD on the gateway objects where DPD is actually required.<BR />You do not need to configure your local object to use DPD.<BR />See related discussion here: <A href="https://community.checkpoint.com/t5/General-Topics/Enable-DPD-on-R80-20/m-p/32605" target="_blank">https://community.checkpoint.com/t5/General-Topics/Enable-DPD-on-R80-20/m-p/32605</A> Sun, 04 Aug 2019 18:03:45 GMT https://community.checkpoint.com/t5/Firewall-and-Security-Management/VPN-and-DPD-configuration/m-p/59582#M12532 PhoneBoy 2019-08-04T18:03:45Z https://community.checkpoint.com/t5/Firewall-and-Security-Management/VPN-and-DPD-configuration/m-p/59735#M12533 <P>Thanks PhoneBoy</P><P>Just for starting, the discussion in the post <A href="https://community.checkpoint.com/t5/General-Topics/Enable-DPD-on-R80-20/m-p/32605" target="_blank" rel="noopener">https://community.checkpoint.com/t5/General-Topics/Enable-DPD-on-R80-20/m-p/32605</A> sounds related to DPD passive mode.</P><P>In my configuration I need <EM>Permanent Tunnel based on DPD mode</EM> and, in according to the guide sk108600 scenario 5, I have to switch to DPD event on my local gateway</P><P>Moreover I tried to investigate the configuration when DPD is enabled on remote peer object and not in local object and when it configured on both object.</P><P>in the first testing scenario the packtet was tunnel_test; while the 2nd scenario the packet is DPD.</P><P>&nbsp;</P> Tue, 06 Aug 2019 15:41:19 GMT https://community.checkpoint.com/t5/Firewall-and-Security-Management/VPN-and-DPD-configuration/m-p/59735#M12533 GG27 2019-08-06T15:41:19Z