https://community.checkpoint.com/t5/General-Topics/VPNs/m-p/36843#M7750 <HTML><HEAD></HEAD><BODY><P>The encryption domain for each gateway is defined on the relevant gateway object.</P><P></P><P><IMG class="image-1 jive-image" src="https://community.checkpoint.com/legacyfs/online/checkpoint/66942_pastedImage_2.png" /></P><P></P><P>For the pictured gateway:</P><P></P><P><IMG class="image-2 jive-image" src="https://community.checkpoint.com/legacyfs/online/checkpoint/66943_pastedImage_3.png" /></P><P></P><P>If an interface has multiple subnets in the topology (because multiple networks behind it), we will summarize into the largest possible subnet.</P><P>The behavior depends on the setting of ike_use_largest_possible_subnets and your version as described here:&nbsp;<A class="link-titled" href="https://supportcenter.checkpoint.com/supportcenter/portal?eventSubmit_doGoviewsolutiondetails=&amp;solutionid=sk101219" title="https://supportcenter.checkpoint.com/supportcenter/portal?eventSubmit_doGoviewsolutiondetails=&amp;solutionid=sk101219">New VPN features in R77.20</A>&nbsp;</P><P></P><P>You can see all the SAs currently established on your gateway with the CLI command&nbsp;<STRONG>vpn tu</STRONG>.</P><P></P><P>What's the actual problem you're trying to solve here?</P></BODY></HTML> Thu, 05 Jul 2018 19:39:40 GMT PhoneBoy 2018-07-05T19:39:40Z https://community.checkpoint.com/t5/General-Topics/VPNs/m-p/36842#M7749 <HTML><HEAD></HEAD><BODY><P>Hello All,</P><P></P><P>Looking for some help regarding VPNs. I'm not 100% familiar how the VPNs are setup in the Check Points.</P><P>I would like to understand where can I find the Security associations part of a tunnel. Like I have a start community with our firewall as center point and remote as satellite. I want to know which subnets are part of encryption domain of satellite and center VPN.&nbsp;</P><P>Any suggestions?</P><P></P><P>Regards,</P><P>Reinaldo</P></BODY></HTML> Wed, 04 Jul 2018 10:18:34 GMT https://community.checkpoint.com/t5/General-Topics/VPNs/m-p/36842#M7749 Reinaldo_Fernan 2018-07-04T10:18:34Z https://community.checkpoint.com/t5/General-Topics/VPNs/m-p/36843#M7750 <HTML><HEAD></HEAD><BODY><P>The encryption domain for each gateway is defined on the relevant gateway object.</P><P></P><P><IMG class="image-1 jive-image" src="https://community.checkpoint.com/legacyfs/online/checkpoint/66942_pastedImage_2.png" /></P><P></P><P>For the pictured gateway:</P><P></P><P><IMG class="image-2 jive-image" src="https://community.checkpoint.com/legacyfs/online/checkpoint/66943_pastedImage_3.png" /></P><P></P><P>If an interface has multiple subnets in the topology (because multiple networks behind it), we will summarize into the largest possible subnet.</P><P>The behavior depends on the setting of ike_use_largest_possible_subnets and your version as described here:&nbsp;<A class="link-titled" href="https://supportcenter.checkpoint.com/supportcenter/portal?eventSubmit_doGoviewsolutiondetails=&amp;solutionid=sk101219" title="https://supportcenter.checkpoint.com/supportcenter/portal?eventSubmit_doGoviewsolutiondetails=&amp;solutionid=sk101219">New VPN features in R77.20</A>&nbsp;</P><P></P><P>You can see all the SAs currently established on your gateway with the CLI command&nbsp;<STRONG>vpn tu</STRONG>.</P><P></P><P>What's the actual problem you're trying to solve here?</P></BODY></HTML> Thu, 05 Jul 2018 19:39:40 GMT https://community.checkpoint.com/t5/General-Topics/VPNs/m-p/36843#M7750 PhoneBoy 2018-07-05T19:39:40Z https://community.checkpoint.com/t5/General-Topics/VPNs/m-p/36844#M7751 <HTML><HEAD></HEAD><BODY><P>Thanks for the explanation Daemon.&nbsp;</P><P>I'm managing check points and trying to have a better understanding on how vpns work with check points.&nbsp;</P><P>Much more clear now..&nbsp;&nbsp;</P><P>Many thanks&nbsp;</P></BODY></HTML> Thu, 05 Jul 2018 19:55:03 GMT https://community.checkpoint.com/t5/General-Topics/VPNs/m-p/36844#M7751 Reinaldo_Fernan 2018-07-05T19:55:03Z