https://community.checkpoint.com/t5/General-Topics/Unauthorized-VPN-access-to-internal-networks-via-IKEv2-tunnel/m-p/50536#M9984 <P>I am not sure you can. The vulnerability and prevention steps are listed here:&nbsp;<A href="https://supportcenter.checkpoint.com/supportcenter/portal?eventSubmit_doGoviewsolutiondetails=&amp;solutionid=sk149892" target="_blank">https://supportcenter.checkpoint.com/supportcenter/portal?eventSubmit_doGoviewsolutiondetails=&amp;solutionid=sk149892</A></P> <P>&nbsp;</P> <P>If you cannot upgrade to the specific HFA where the issue is fixed, it would make sense to disable IKEv2 meanwhile</P> Thu, 11 Apr 2019 07:49:24 GMT _Val_ 2019-04-11T07:49:24Z https://community.checkpoint.com/t5/General-Topics/Unauthorized-VPN-access-to-internal-networks-via-IKEv2-tunnel/m-p/50472#M9955 <P>How would I alert on an unauthorized attempt to gain access to our site-to-site VPN in the case of CVE-2019-8456?</P><P>Thank&nbsp; you,</P><P>Dan</P> Wed, 10 Apr 2019 17:01:34 GMT https://community.checkpoint.com/t5/General-Topics/Unauthorized-VPN-access-to-internal-networks-via-IKEv2-tunnel/m-p/50472#M9955 Dan_Roddy 2019-04-10T17:01:34Z https://community.checkpoint.com/t5/General-Topics/Unauthorized-VPN-access-to-internal-networks-via-IKEv2-tunnel/m-p/50536#M9984 <P>I am not sure you can. The vulnerability and prevention steps are listed here:&nbsp;<A href="https://supportcenter.checkpoint.com/supportcenter/portal?eventSubmit_doGoviewsolutiondetails=&amp;solutionid=sk149892" target="_blank">https://supportcenter.checkpoint.com/supportcenter/portal?eventSubmit_doGoviewsolutiondetails=&amp;solutionid=sk149892</A></P> <P>&nbsp;</P> <P>If you cannot upgrade to the specific HFA where the issue is fixed, it would make sense to disable IKEv2 meanwhile</P> Thu, 11 Apr 2019 07:49:24 GMT https://community.checkpoint.com/t5/General-Topics/Unauthorized-VPN-access-to-internal-networks-via-IKEv2-tunnel/m-p/50536#M9984 _Val_ 2019-04-11T07:49:24Z