https://community.checkpoint.com/t5/SASE-and-Remote-Access/Endpoint-Security-VPN/m-p/243945#M2247 <P>Gateway &amp; client version, is MEP configured?</P> <P>Does this effect all users/clients or just your specific location and what type of ISP link is used e.g. IPV6 or CGNAT etc</P> <P>&nbsp;</P> Mon, 17 Mar 2025 13:28:50 GMT Chris_Atkinson 2025-03-17T13:28:50Z https://community.checkpoint.com/t5/SASE-and-Remote-Access/Endpoint-Security-VPN/m-p/243938#M2246 <P>My client currently has Firewall A and Firewall B, which are connected via an IPsec VPN. However, when using Capsule VPN (Windows), whether the gateway is set to Firewall A or Firewall B, access to the internal network works. But with Endpoint Security VPN, unlike with Capsule VPN, access to the internal network of each firewall is not possible. Has anyone experienced a similar situation? When pinging, the packets don't even reach the firewall. It's not a policy issue.</P> Mon, 17 Mar 2025 13:09:47 GMT https://community.checkpoint.com/t5/SASE-and-Remote-Access/Endpoint-Security-VPN/m-p/243938#M2246 dkzndkqh 2025-03-17T13:09:47Z https://community.checkpoint.com/t5/SASE-and-Remote-Access/Endpoint-Security-VPN/m-p/243945#M2247 <P>Gateway &amp; client version, is MEP configured?</P> <P>Does this effect all users/clients or just your specific location and what type of ISP link is used e.g. IPV6 or CGNAT etc</P> <P>&nbsp;</P> Mon, 17 Mar 2025 13:28:50 GMT https://community.checkpoint.com/t5/SASE-and-Remote-Access/Endpoint-Security-VPN/m-p/243945#M2247 Chris_Atkinson 2025-03-17T13:28:50Z https://community.checkpoint.com/t5/SASE-and-Remote-Access/Endpoint-Security-VPN/m-p/243956#M2248 <P>No, current vpn community is mesh type , so it is not an MEP configuration , and it applies to all users connecting via Endpoint Security VPN regardless of location. The ISP is using CGNAT."</P> Mon, 17 Mar 2025 14:37:29 GMT https://community.checkpoint.com/t5/SASE-and-Remote-Access/Endpoint-Security-VPN/m-p/243956#M2248 dkzndkqh 2025-03-17T14:37:29Z https://community.checkpoint.com/t5/SASE-and-Remote-Access/Endpoint-Security-VPN/m-p/243965#M2249 <P>Just curious, does deleting and re-creating tyhe site works? If not, then we would need to do captures to see if you even see any traffic on tunnel test port 18234?</P> <P>Andy</P> Mon, 17 Mar 2025 16:05:55 GMT https://community.checkpoint.com/t5/SASE-and-Remote-Access/Endpoint-Security-VPN/m-p/243965#M2249 the_rock 2025-03-17T16:05:55Z https://community.checkpoint.com/t5/SASE-and-Remote-Access/Endpoint-Security-VPN/m-p/243966#M2250 <P><a href="https://community.checkpoint.com/t5/user/viewprofilepage/user-id/119966">@dkzndkqh</a>&nbsp;</P> <P>See my lab example...IMPORTANT to point out, see how last flag shows Oe, meaning outbound and encrypted.</P> <P>Andy</P> <P>&nbsp;</P> <P>[Expert@R82:0]# fw monitor -e "accept port(18234);"<BR />PPAK 0: Get before set operation succeeded of fwmonitor_kiss_enable<BR />PPAK 0: Get before set operation succeeded of fwmonitor_debug_filter_off<BR />PPAK 0: Get before set operation succeeded of fwmonitorfreebufs<BR />************************************************************** NOTE **************************************************************<BR />*** Using "-e" filter will not monitor accelerated traffic. To monitor and filter accelerated traffic please use the "-F" filter ***<BR />************************************************************************************************************************************<BR />FW monitor will record only ip &amp; transport layers in a packet<BR />For capturing the whole packet please do -w<BR />PPAK 0: Get before set operation succeeded of fwmonitor_ppak_all_position<BR />monitor: getting filter (from command line)<BR />monitor: compiling<BR />monitorfilter:<BR />Compiled OK.<BR />monitor: loading<BR />monitor: monitoring (control-C to stop)<BR />PPAK 0: Get before set operation succeeded of fwmonitormaxpacket<BR />PPAK 0: Get before set operation succeeded of fwmonitormask<BR />PPAK 0: Get before set operation succeeded of fwmonitorallocbufs<BR />PPAK 0: Get before set operation succeeded of printuuid<BR />[vs_0][fw_1] eth0:i[40]: 172.17.10.1 -&gt; 172.16.10.253 (UDP) len=40 id=1<BR />UDP: 18534 -&gt; 18234<BR />[vs_0][fw_1] eth0:I[40]: 172.17.10.1 -&gt; 172.16.10.253 (UDP) len=40 id=1<BR />UDP: 18534 -&gt; 18234<BR />[vs_0][fw_1] eth0:o[40]: 172.16.10.253 -&gt; 172.17.10.1 (UDP) len=40 id=1<BR />UDP: 18234 -&gt; 18534<BR />[vs_0][fw_1] eth0:O[40]: 172.16.10.253 -&gt; 172.17.10.1 (UDP) len=40 id=1<BR />UDP: 18234 -&gt; 18534<BR />[vs_0][fw_1] eth0:Oe[40]: 172.16.10.253 -&gt; 172.17.10.1 (UDP) len=40 id=1<BR />UDP: 18234 -&gt; 18534<BR />[vs_0][fw_1] eth0:i[40]: 172.17.10.1 -&gt; 172.16.10.253 (UDP) len=40 id=1<BR />UDP: 18535 -&gt; 18234<BR />[vs_0][fw_1] eth0:I[40]: 172.17.10.1 -&gt; 172.16.10.253 (UDP) len=40 id=1<BR />UDP: 18535 -&gt; 18234<BR />[vs_0][fw_1] eth0:o[40]: 172.16.10.253 -&gt; 172.17.10.1 (UDP) len=40 id=1<BR />UDP: 18234 -&gt; 18535<BR />[vs_0][fw_1] eth0:O[40]: 172.16.10.253 -&gt; 172.17.10.1 (UDP) len=40 id=1<BR />UDP: 18234 -&gt; 18535<BR />[vs_0][fw_1] eth0:Oe[40]: 172.16.10.253 -&gt; 172.17.10.1 (UDP) len=40 id=1<BR />UDP: 18234 -&gt; 18535<BR />^C monitor: caught sig 2<BR />monitor: unloading<BR />PPAK 0: Get before set operation succeeded of fwmonitor_kiss_enable<BR />PPAK 0: Get before set operation succeeded of fwmonitor_debug_filter_off<BR />PPAK 0: Get before set operation succeeded of fwmonitorfreebufs<BR />[Expert@R82:0]#</P> Mon, 17 Mar 2025 16:08:58 GMT https://community.checkpoint.com/t5/SASE-and-Remote-Access/Endpoint-Security-VPN/m-p/243966#M2250 the_rock 2025-03-17T16:08:58Z