https://community.checkpoint.com/t5/Spark-Firewall-SMB/Multiple-VTI-tunnels-with-BGP-to-third-party-from-Quantum-Spark/m-p/228904#M11543 <P>Was able to engage Check Point support. It turns out that in our case to use the redundant tunnels we need to use MEP, which can be used with DPD instead of RDP (Check Point proprietary), however, to use MEP with our device requires centrally managed system like SmartConsole.&nbsp; We are going to work with the third party to just use a single tunnel. <span class="lia-unicode-emoji" title=":disappointed_face:">😞</span></P> Thu, 03 Oct 2024 20:14:33 GMT ITSOU-SVC 2024-10-03T20:14:33Z https://community.checkpoint.com/t5/Spark-Firewall-SMB/Multiple-VTI-tunnels-with-BGP-to-third-party-from-Quantum-Spark/m-p/228250#M11511 <P>Hi all,</P><P>Checkpoint Noob here.&nbsp; Have been tasked with configuring a Spark 1570 running&nbsp;<SPAN>R81.10.10 - Build 945.</SPAN></P><P><SPAN>Requires:</SPAN></P><P><SPAN>Third party has 2 IPs so we need two tunnels.</SPAN></P><P><SPAN>BGP required, therefore VTI required.</SPAN></P><P><SPAN>I do not have access to SmartConsole (that I know of) or Communities (that I know of - is that an add-on product?)</SPAN></P><P><SPAN>I feel like the setup is going to be very similar to this:</SPAN></P><P><SPAN><A href="https://support.checkpoint.com/results/sk/sk108958?source=sf&amp;permanentid=baa13175f30b7728dd338ab071c94c441771f2ad18ac54cd5999e5a385f5&amp;sysurihash=h4Kx7CBdPwA8jM4n&amp;responseid=205b8988-14ad-43b9-b0a0-26efa6441ab0&amp;documentposition=0" target="_blank">https://support.checkpoint.com/results/sk/sk108958?source=sf&amp;permanentid=baa13175f30b7728dd338ab071c94c441771f2ad18ac54cd5999e5a385f5&amp;sysurihash=h4Kx7CBdPwA8jM4n&amp;responseid=205b8988-14ad-43b9-b0a0-26efa6441ab0&amp;documentposition=0</A></SPAN></P><P>I used the above guide to setup the tunnels successfully in Gaia but I don't have access to the SmartConsole to configure the Interoperable device (is not a object type in Gaia GUI).&nbsp; I created a normal host object instead - don't know if that's going to work.</P><P>I don't have Communities apparently with the license for this device so I cannot setup the communities part. Can that portion be setup using Gaia command line?&nbsp;&nbsp;</P><P>Am I going to have to figure out how to add a license to use Communities?&nbsp; Feeling very ignorant at the moment.</P><P>Thanks.</P><P>&nbsp;</P> Fri, 27 Sep 2024 15:42:43 GMT https://community.checkpoint.com/t5/Spark-Firewall-SMB/Multiple-VTI-tunnels-with-BGP-to-third-party-from-Quantum-Spark/m-p/228250#M11511 ITSOU-SVC 2024-09-27T15:42:43Z https://community.checkpoint.com/t5/Spark-Firewall-SMB/Multiple-VTI-tunnels-with-BGP-to-third-party-from-Quantum-Spark/m-p/228417#M11512 <P>You use a loclly managed Spark 1570 running R81.10.10, so you have no SmartConsole and only Embedded GAiA.</P> <P>Documentation:</P> <UL> <LI> <P><A href="https://sc1.checkpoint.com/documents/SMB_R81.10.X/RN/EN/Default.htm" target="_blank" rel="noopener">Quantum Spark 1500, 1600, 1800, 1900, and 2000 Appliance Series R81.10.X Release Notes</A></P> </LI> <LI> <P><A href="https://sc1.checkpoint.com/documents/SMB_R81.10.X/AdminGuides_Locally_Managed/EN/Default.htm" target="_blank" rel="noopener">Quantum Spark 1500, 1600, 1800, 1900, and 2000 Appliance Series R81.10.X Locally Managed Administration Guide (English)</A></P> </LI> </UL> <P>&nbsp;</P> <P>Better look here for VPN with AWS:&nbsp; <A href="https://support.checkpoint.com/results/sk/sk111733" target="_blank" rel="noopener"><SPAN>sk111733: How to configure Site-to-Site VPN between <STRONG>Amazon</STRONG> <STRONG>Web</STRONG> <STRONG>Services</STRONG> and locally managed SMB appliance</SPAN></A></P> <P><SPAN>Besides: Can we move this post to Spark/SMB, <a href="https://community.checkpoint.com/t5/user/viewprofilepage/user-id/7">@PhoneBoy</a> , <a href="https://community.checkpoint.com/t5/user/viewprofilepage/user-id/181">@_Val_</a> ?</SPAN></P> Mon, 30 Sep 2024 07:36:45 GMT https://community.checkpoint.com/t5/Spark-Firewall-SMB/Multiple-VTI-tunnels-with-BGP-to-third-party-from-Quantum-Spark/m-p/228417#M11512 G_W_Albrecht 2024-09-30T07:36:45Z https://community.checkpoint.com/t5/Spark-Firewall-SMB/Multiple-VTI-tunnels-with-BGP-to-third-party-from-Quantum-Spark/m-p/228479#M11524 <P>VPN Communities and Interoperable Objects are only relevant when managed with a Smart-1, which is not the case for a locally managed device.<BR />You can set up VTIs in Device &gt; Network &gt; Local Network &gt; New &gt; VPN Tunnel (VTIs).<BR />You can set up the peer in VPN &gt; Site to Site &gt; VPN Sites.</P> Mon, 30 Sep 2024 14:11:43 GMT https://community.checkpoint.com/t5/Spark-Firewall-SMB/Multiple-VTI-tunnels-with-BGP-to-third-party-from-Quantum-Spark/m-p/228479#M11524 PhoneBoy 2024-09-30T14:11:43Z https://community.checkpoint.com/t5/Spark-Firewall-SMB/Multiple-VTI-tunnels-with-BGP-to-third-party-from-Quantum-Spark/m-p/228904#M11543 <P>Was able to engage Check Point support. It turns out that in our case to use the redundant tunnels we need to use MEP, which can be used with DPD instead of RDP (Check Point proprietary), however, to use MEP with our device requires centrally managed system like SmartConsole.&nbsp; We are going to work with the third party to just use a single tunnel. <span class="lia-unicode-emoji" title=":disappointed_face:">😞</span></P> Thu, 03 Oct 2024 20:14:33 GMT https://community.checkpoint.com/t5/Spark-Firewall-SMB/Multiple-VTI-tunnels-with-BGP-to-third-party-from-Quantum-Spark/m-p/228904#M11543 ITSOU-SVC 2024-10-03T20:14:33Z