https://community.checkpoint.com/t5/Firewall-and-Security-Management/VPN-routing-and-External-interfaces/m-p/227291#M43704 <P>Hey bro,</P> <P>I would say its normal, regardless. I actually wrote some docs about it, you can refer to below post. I know its route based tunnel to Azure, but it gives you an idea.</P> <P>Hope it helps.</P> <P>Andy</P> <P>&nbsp;</P> <P><A href="https://community.checkpoint.com/t5/Security-Gateways/Route-based-VPN-tunnel-to-Azure/m-p/206179/emcs_t/S2h8ZW1haWx8dG9waWNfc3Vic2NyaXB0aW9ufExTTjlYV1FXMUlGQVNMfDIwNjE3OXxTVUJTQ1JJUFRJT05TfGhL#M38950" target="_blank">https://community.checkpoint.com/t5/Security-Gateways/Route-based-VPN-tunnel-to-Azure/m-p/206179/emcs_t/S2h8ZW1haWx8dG9waWNfc3Vic2NyaXB0aW9ufExTTjlYV1FXMUlGQVNMfDIwNjE3OXxTVUJTQ1JJUFRJT05TfGhL#M38950</A></P> Thu, 19 Sep 2024 19:50:06 GMT the_rock 2024-09-19T19:50:06Z https://community.checkpoint.com/t5/Firewall-and-Security-Management/VPN-routing-and-External-interfaces/m-p/227267#M43700 <P>Dear CheckMates</P> <P>I have a simple cluster with 5+ External interfaces. This cluster has 5+ s2s VPN communities. Depends on the routing the VPN's interoperable devices are behind different external interfaces. The essence of this, this cluster has more than 5 External interfaces.<BR />The VPNs work fine.</P> <P>Until today.</P> <P>I created a s2s VPN as before.</P> <P>Short description:</P> <P>A_GW -&gt; my_VPN_GW<BR />B_VPN_peer -&gt; peerGW<BR />B_int -&gt; peer interoperable device<BR />B_enc -&gt; network behind the peer (100.X.X.X/25 - yes it begins with 100)<BR />A_int1 -&gt; default route (this is the default route)<BR />A_int2 -&gt; the VPNpeer is behind this IF (from my_VPN_GW's point of view)</P> <P><BR />The issue:</P> <P>The if I initiate for eg. a ping from my_VPN_GW to a host in the B_enc, the traffic leaves on the A_int1, although the B_VPN_peer is behind A_int_2 IF.</P> <P>If I create a static-route -&gt; the traffic goes where it should.</P> <P>My question would be, this is a normal behavior if the ENC_DOM is not RFC1918?</P> <P>Akos</P> Thu, 19 Sep 2024 16:28:58 GMT https://community.checkpoint.com/t5/Firewall-and-Security-Management/VPN-routing-and-External-interfaces/m-p/227267#M43700 AkosBakos 2024-09-19T16:28:58Z https://community.checkpoint.com/t5/Firewall-and-Security-Management/VPN-routing-and-External-interfaces/m-p/227279#M43703 <P>Routing is not always needed but it is documented as needed.</P> <P>See</P> <P><A href="https://support.checkpoint.com/results/sk/sk180613" target="_blank">https://support.checkpoint.com/results/sk/sk180613</A></P> <P>And&nbsp;<A href="https://support.checkpoint.com/results/sk/sk179485" target="_blank">https://support.checkpoint.com/results/sk/sk179485</A></P> <P>If it is vsx or maestro check&nbsp;<A href="https://support.checkpoint.com/results/sk/sk160672" target="_blank">https://support.checkpoint.com/results/sk/sk160672</A></P> <P><A href="https://support.checkpoint.com/results/sk/sk76281" target="_blank">https://support.checkpoint.com/results/sk/sk76281</A></P> <P>All above is based that I think this is regarding domain based tunnels</P> Thu, 19 Sep 2024 18:23:54 GMT https://community.checkpoint.com/t5/Firewall-and-Security-Management/VPN-routing-and-External-interfaces/m-p/227279#M43703 Lesley 2024-09-19T18:23:54Z https://community.checkpoint.com/t5/Firewall-and-Security-Management/VPN-routing-and-External-interfaces/m-p/227291#M43704 <P>Hey bro,</P> <P>I would say its normal, regardless. I actually wrote some docs about it, you can refer to below post. I know its route based tunnel to Azure, but it gives you an idea.</P> <P>Hope it helps.</P> <P>Andy</P> <P>&nbsp;</P> <P><A href="https://community.checkpoint.com/t5/Security-Gateways/Route-based-VPN-tunnel-to-Azure/m-p/206179/emcs_t/S2h8ZW1haWx8dG9waWNfc3Vic2NyaXB0aW9ufExTTjlYV1FXMUlGQVNMfDIwNjE3OXxTVUJTQ1JJUFRJT05TfGhL#M38950" target="_blank">https://community.checkpoint.com/t5/Security-Gateways/Route-based-VPN-tunnel-to-Azure/m-p/206179/emcs_t/S2h8ZW1haWx8dG9waWNfc3Vic2NyaXB0aW9ufExTTjlYV1FXMUlGQVNMfDIwNjE3OXxTVUJTQ1JJUFRJT05TfGhL#M38950</A></P> Thu, 19 Sep 2024 19:50:06 GMT https://community.checkpoint.com/t5/Firewall-and-Security-Management/VPN-routing-and-External-interfaces/m-p/227291#M43704 the_rock 2024-09-19T19:50:06Z