https://community.checkpoint.com/t5/General-Topics/SDWAN-LAN-to-SDWAN/m-p/223102#M37162 <P>I dont think profile here matters at all. What matters is routing is correct.</P> <P>Andy</P> Thu, 08 Aug 2024 17:29:26 GMT the_rock 2024-08-08T17:29:26Z https://community.checkpoint.com/t5/General-Topics/SDWAN-LAN-to-SDWAN/m-p/222991#M37120 <P>Hi Checkmates,</P><P>&nbsp;</P><P>After the gateway is running the SDWAN service and registering on the Infinity Portal, for example, there are 2 gateways that are connected and running SDWAN, how do you make the internal LAN reachable from the gateway that is already running SDWAN?</P><P>After the SDWAN service is running on the gateway, will it automatically advertise or reroute the internal LAN on the gateway to another gateway running with the same SDWAN profile?</P> Thu, 08 Aug 2024 03:56:20 GMT https://community.checkpoint.com/t5/General-Topics/SDWAN-LAN-to-SDWAN/m-p/222991#M37120 Ricki_Juntak 2024-08-08T03:56:20Z https://community.checkpoint.com/t5/General-Topics/SDWAN-LAN-to-SDWAN/m-p/223100#M37160 <P>Hi</P> <P>&nbsp;</P> <P>Im not sure i fully understand the question. Can you elaborate?</P> <P>&nbsp;</P> <P>Do you mean in the VPN traffic between the GWs how each GW learns the other site lan? This is based on VPN settings of VPN Domain. And in near jumbo can be based on routes as well as we release support for Route based VPN as well.</P> <P>P.s its irrelevant if GWs are in the same profile. Profile just meant to group gws to install rules on.</P> Thu, 08 Aug 2024 17:24:08 GMT https://community.checkpoint.com/t5/General-Topics/SDWAN-LAN-to-SDWAN/m-p/223100#M37160 AmirArama 2024-08-08T17:24:08Z https://community.checkpoint.com/t5/General-Topics/SDWAN-LAN-to-SDWAN/m-p/223102#M37162 <P>I dont think profile here matters at all. What matters is routing is correct.</P> <P>Andy</P> Thu, 08 Aug 2024 17:29:26 GMT https://community.checkpoint.com/t5/General-Topics/SDWAN-LAN-to-SDWAN/m-p/223102#M37162 the_rock 2024-08-08T17:29:26Z https://community.checkpoint.com/t5/General-Topics/SDWAN-LAN-to-SDWAN/m-p/223132#M37169 <P>based from I know, Another vendor usually after device join or activate the feature SDWAN tunnel automatically created and local Network from all device running SDWAN can reachable from another device, this is correct?</P><P>so with SDWAN Checkpoint we must configure first the IPSec Site to site, after that internal LAN of device can be reached by another device.</P><P>can you share simple step by step to configure the SDWAN on Checkpoint, cause we already try on LAB using</P><P>1. CP5800x2 single gateway, both gateway only use 1 IP public, one gateway HO and one gateway branch</P><P>2. connect to SDWAN-infinity portal and SMart1-cloud</P><P>3. Create IPsec tunnel but the LAN segment cannot reached from another, vpn tu tlist not showing tunnel on the CLI gateway but from Smart-1 show tunnel up on the GW-branch, on the SDWAN monitor show 1 tunnel up</P><P>we use R81.20 with JHF 65.</P> Fri, 09 Aug 2024 07:49:17 GMT https://community.checkpoint.com/t5/General-Topics/SDWAN-LAN-to-SDWAN/m-p/223132#M37169 Ricki_Juntak 2024-08-09T07:49:17Z https://community.checkpoint.com/t5/General-Topics/SDWAN-LAN-to-SDWAN/m-p/223147#M37171 <P>Hi</P> <P>Basically we have this sk and within you can see the admin guide:</P> <P><A href="https://support.checkpoint.com/results/sk/sk180605" target="_blank">https://support.checkpoint.com/results/sk/sk180605</A></P> <P>Yes, you still need to configure IPSEC in SMC. Configure the VPN Domains properly.&nbsp;</P> <P>If 'vpn tu tlist' shows 0 IPSEC and 0 NAT-T, You don't have any UP tunneles.</P> <P>If you don't manage, you can DM me</P> <P>Thx</P> Fri, 09 Aug 2024 10:22:04 GMT https://community.checkpoint.com/t5/General-Topics/SDWAN-LAN-to-SDWAN/m-p/223147#M37171 AmirArama 2024-08-09T10:22:04Z