https://community.checkpoint.com/t5/General-Topics/Internal-CA-Query/m-p/76176#M15462 <P>While I was on holiday last week (so I didn't check anything at the time) a customer gateway had the internal CA expire.&nbsp; At that time, the site-to-site VPN to a managed gateway dropped, and remote access clients also had problems connecting.</P><P>Apparently, without doing anything (without renewing the internal CA cert) the site-to-site and Remote Access clients started working again after about 40 minutes.</P><P>Can anyone explain how this could happen if the internal CA cert was still expired at that point?&nbsp; It hadn't been renewed yet.&nbsp; How could VPN's come back up again?</P> Mon, 24 Feb 2020 11:16:38 GMT biskit 2020-02-24T11:16:38Z https://community.checkpoint.com/t5/General-Topics/Internal-CA-Query/m-p/76176#M15462 <P>While I was on holiday last week (so I didn't check anything at the time) a customer gateway had the internal CA expire.&nbsp; At that time, the site-to-site VPN to a managed gateway dropped, and remote access clients also had problems connecting.</P><P>Apparently, without doing anything (without renewing the internal CA cert) the site-to-site and Remote Access clients started working again after about 40 minutes.</P><P>Can anyone explain how this could happen if the internal CA cert was still expired at that point?&nbsp; It hadn't been renewed yet.&nbsp; How could VPN's come back up again?</P> Mon, 24 Feb 2020 11:16:38 GMT https://community.checkpoint.com/t5/General-Topics/Internal-CA-Query/m-p/76176#M15462 biskit 2020-02-24T11:16:38Z https://community.checkpoint.com/t5/General-Topics/Internal-CA-Query/m-p/76523#M15539 <P>The described scenario is very unlikely. I would assume someone opened the GW object, renewed VPN cert by doing that and installed policy on the GW afterwards.<BR /><BR />These actions can be traced in the audit log.</P> Thu, 27 Feb 2020 07:51:47 GMT https://community.checkpoint.com/t5/General-Topics/Internal-CA-Query/m-p/76523#M15539 _Val_ 2020-02-27T07:51:47Z