https://community.checkpoint.com/t5/Firewall-and-Security-Management/VPN-Tunnel-Management-per-Gateway-Pair-and-consequences-when-I/m-p/58086#M12621 <P>Hi Folks,</P><P>I have total around 12 VPN Tunnels running on 5900; all are Policy/Domains based VPN. I have been asked to move and see the possibiities one Tunnel out of those 12 to One VPN tunnel per Gateway Pair.&nbsp;</P><P>Wondering what could be the consequences on other tunnels then? Since I know One VPN tunnel per Gateway pair means CP will start sending/accepting 0.0.0.0/0.</P><P>TIA</P><P>Blason R</P> Fri, 12 Jul 2019 08:31:16 GMT Blason_R 2019-07-12T08:31:16Z https://community.checkpoint.com/t5/Firewall-and-Security-Management/VPN-Tunnel-Management-per-Gateway-Pair-and-consequences-when-I/m-p/58086#M12621 <P>Hi Folks,</P><P>I have total around 12 VPN Tunnels running on 5900; all are Policy/Domains based VPN. I have been asked to move and see the possibiities one Tunnel out of those 12 to One VPN tunnel per Gateway Pair.&nbsp;</P><P>Wondering what could be the consequences on other tunnels then? Since I know One VPN tunnel per Gateway pair means CP will start sending/accepting 0.0.0.0/0.</P><P>TIA</P><P>Blason R</P> Fri, 12 Jul 2019 08:31:16 GMT https://community.checkpoint.com/t5/Firewall-and-Security-Management/VPN-Tunnel-Management-per-Gateway-Pair-and-consequences-when-I/m-p/58086#M12621 Blason_R 2019-07-12T08:31:16Z https://community.checkpoint.com/t5/Firewall-and-Security-Management/VPN-Tunnel-Management-per-Gateway-Pair-and-consequences-when-I/m-p/58087#M12622 <P>Where did you learn that 0.0.0.0 thing ? According to&nbsp;Site to Site VPN Administration Guide R80.30 p.94<SPAN class="Apple-converted-space">&nbsp;:</SPAN></P> <P>VPN Tunnel Sharing provides greater interoperability and scalability by controlling the number of VPN tunnels created between peer Security Gateways. Configuration of VPN Tunnel Sharing can be set on both the VPN community and Security Gateway object.<SPAN class="Apple-converted-space">&nbsp;</SPAN></P> <P>• <STRONG>One VPN Tunnel per each pair of hosts </STRONG>- A VPN tunnel is created for every session initiated between every pair of hosts.<SPAN class="Apple-converted-space">&nbsp;</SPAN></P> <P>• <STRONG>One VPN Tunnel per subnet pair</STRONG>- Once a VPN tunnel has been opened between two subnets, subsequent sessions between the same subnets will share the same VPN tunnel. This is the default setting and is compliant with the IPsec industry standard.<SPAN class="Apple-converted-space">&nbsp;</SPAN></P> <P>• <STRONG>One VPN Tunnel per Security Gateway pair </STRONG>- One VPN tunnel is created between peer Security Gateways and shared by all hosts behind each peer Security Gateway.<SPAN class="Apple-converted-space">&nbsp;</SPAN></P> Fri, 12 Jul 2019 08:42:46 GMT https://community.checkpoint.com/t5/Firewall-and-Security-Management/VPN-Tunnel-Management-per-Gateway-Pair-and-consequences-when-I/m-p/58087#M12622 G_W_Albrecht 2019-07-12T08:42:46Z https://community.checkpoint.com/t5/Firewall-and-Security-Management/VPN-Tunnel-Management-per-Gateway-Pair-and-consequences-when-I/m-p/58089#M12623 <P>Surprising!! I last time done the debug and vpnd.elg was showing 0.0.0.0/0 and setting was One VPN Tunnel Per Gateway pair.&nbsp; I guess even&nbsp;<a href="https://community.checkpoint.com/t5/user/viewprofilepage/user-id/7">@PhoneBoy</a>&nbsp;has suggested it to move to per subnet pair and it resolved.</P><P>&nbsp;</P> Fri, 12 Jul 2019 08:52:14 GMT https://community.checkpoint.com/t5/Firewall-and-Security-Management/VPN-Tunnel-Management-per-Gateway-Pair-and-consequences-when-I/m-p/58089#M12623 Blason_R 2019-07-12T08:52:14Z https://community.checkpoint.com/t5/Firewall-and-Security-Management/VPN-Tunnel-Management-per-Gateway-Pair-and-consequences-when-I/m-p/58090#M12624 <P>So in that case it should not be an issue moving to that setting for one tunnel, right?</P> Fri, 12 Jul 2019 08:53:44 GMT https://community.checkpoint.com/t5/Firewall-and-Security-Management/VPN-Tunnel-Management-per-Gateway-Pair-and-consequences-when-I/m-p/58090#M12624 Blason_R 2019-07-12T08:53:44Z