https://community.checkpoint.com/t5/Firewall-and-Security-Management/Re-Site-to-Site-Route-Based-VPN-in-Checkpoint/m-p/121608#M23221 <P>I would also recommend making a reference to the following SK as any remote branch solution would have issues with LDAP queries to AD flowing out unencrypted via the internet uplink ports. Example is that 'telnet 192.168.100.2 5555' (shows traffic leaving the remote VTI destination gateway's interface towards that AD server but 'telnet 192.168.100.2 389' shows this traffic leaving via the internet uplink interface).</P><P>&nbsp;</P><P><A href="https://supportcenter.checkpoint.com/supportcenter/portal?eventSubmit_doGoviewsolutiondetails=&amp;solutionid=sk26059" target="_blank">https://supportcenter.checkpoint.com/supportcenter/portal?eventSubmit_doGoviewsolutiondetails=&amp;solutionid=sk26059</A></P> Sat, 19 Jun 2021 14:52:57 GMT David_Herselman 2021-06-19T14:52:57Z https://community.checkpoint.com/t5/Firewall-and-Security-Management/Re-Site-to-Site-Route-Based-VPN-in-Checkpoint/m-p/121608#M23221 <P>I would also recommend making a reference to the following SK as any remote branch solution would have issues with LDAP queries to AD flowing out unencrypted via the internet uplink ports. Example is that 'telnet 192.168.100.2 5555' (shows traffic leaving the remote VTI destination gateway's interface towards that AD server but 'telnet 192.168.100.2 389' shows this traffic leaving via the internet uplink interface).</P><P>&nbsp;</P><P><A href="https://supportcenter.checkpoint.com/supportcenter/portal?eventSubmit_doGoviewsolutiondetails=&amp;solutionid=sk26059" target="_blank">https://supportcenter.checkpoint.com/supportcenter/portal?eventSubmit_doGoviewsolutiondetails=&amp;solutionid=sk26059</A></P> Sat, 19 Jun 2021 14:52:57 GMT https://community.checkpoint.com/t5/Firewall-and-Security-Management/Re-Site-to-Site-Route-Based-VPN-in-Checkpoint/m-p/121608#M23221 David_Herselman 2021-06-19T14:52:57Z