https://community.checkpoint.com/t5/Spark-Firewall-SMB/Chekcpoint-appliance-1490-VPN-site-to-site-Problem/m-p/48460#M1879 <P>what happens when i'm clear the NAT rule?</P> Mon, 25 Mar 2019 09:55:03 GMT dwinurm 2019-03-25T09:55:03Z https://community.checkpoint.com/t5/Spark-Firewall-SMB/Chekcpoint-appliance-1490-VPN-site-to-site-Problem/m-p/46855#M1804 <P>Hi all,&nbsp;</P><P>anyone can help me, i create tunnel site to site between checkpoint and fortigate</P><P>the tunnel is up, but i can't ping from local address to remote address</P><P>from remote address to local address can ping</P><P>i'm already configure the policy rule and NAT rule.<BR />can anyone help my problem</P><P>thank you</P> Thu, 14 Mar 2019 06:05:53 GMT https://community.checkpoint.com/t5/Spark-Firewall-SMB/Chekcpoint-appliance-1490-VPN-site-to-site-Problem/m-p/46855#M1804 dwinurm 2019-03-14T06:05:53Z https://community.checkpoint.com/t5/Spark-Firewall-SMB/Chekcpoint-appliance-1490-VPN-site-to-site-Problem/m-p/46993#M1813 <P>You need to include remote network(s) in VPN domain.&nbsp;</P> Fri, 15 Mar 2019 06:07:14 GMT https://community.checkpoint.com/t5/Spark-Firewall-SMB/Chekcpoint-appliance-1490-VPN-site-to-site-Problem/m-p/46993#M1813 HristoGrigorov 2019-03-15T06:07:14Z https://community.checkpoint.com/t5/Spark-Firewall-SMB/Chekcpoint-appliance-1490-VPN-site-to-site-Problem/m-p/47313#M1830 <P>i'm already include the remote network(s)</P> Sun, 17 Mar 2019 19:41:55 GMT https://community.checkpoint.com/t5/Spark-Firewall-SMB/Chekcpoint-appliance-1490-VPN-site-to-site-Problem/m-p/47313#M1830 dwinurm 2019-03-17T19:41:55Z https://community.checkpoint.com/t5/Spark-Firewall-SMB/Chekcpoint-appliance-1490-VPN-site-to-site-Problem/m-p/47339#M1831 Is the packet encrypted or not ? You should be able to see that in the log. If it is encrypted then the problem is likely on the Fortigate's side. Mon, 18 Mar 2019 04:16:24 GMT https://community.checkpoint.com/t5/Spark-Firewall-SMB/Chekcpoint-appliance-1490-VPN-site-to-site-Problem/m-p/47339#M1831 HristoGrigorov 2019-03-18T04:16:24Z https://community.checkpoint.com/t5/Spark-Firewall-SMB/Chekcpoint-appliance-1490-VPN-site-to-site-Problem/m-p/47366#M1834 <P>the packet no encrypted on log, the packet through firewall blade, not on the vpn blade.</P> Mon, 18 Mar 2019 08:00:07 GMT https://community.checkpoint.com/t5/Spark-Firewall-SMB/Chekcpoint-appliance-1490-VPN-site-to-site-Problem/m-p/47366#M1834 dwinurm 2019-03-18T08:00:07Z https://community.checkpoint.com/t5/Spark-Firewall-SMB/Chekcpoint-appliance-1490-VPN-site-to-site-Problem/m-p/47500#M1844 <P>You must have a dedicated access rule and specify that traffic that is matching it shall be encrypted. This is achieved differently according to how is appliance managed - centrally or locally. Check the appropriate guide for that.</P> Mon, 18 Mar 2019 18:24:04 GMT https://community.checkpoint.com/t5/Spark-Firewall-SMB/Chekcpoint-appliance-1490-VPN-site-to-site-Problem/m-p/47500#M1844 HristoGrigorov 2019-03-18T18:24:04Z https://community.checkpoint.com/t5/Spark-Firewall-SMB/Chekcpoint-appliance-1490-VPN-site-to-site-Problem/m-p/47566#M1846 <P>my checkpoint 1490 appliance locally managed,</P><P>and i have configured access policies and NAT policies like this :</P><P>Access Policy rule :<span class="lia-inline-image-display-wrapper lia-image-align-inline" image-alt="Acces policy.jpg" style="width: 999px;"><img src="https://community.checkpoint.com/t5/image/serverpage/image-id/193iD79432FF5E958F8B/image-size/large?v=v2&amp;px=999" role="button" title="Acces policy.jpg" alt="Acces policy.jpg" /></span></P><P>NAT Policy Rule :<span class="lia-inline-image-display-wrapper lia-image-align-inline" image-alt="Access NAT.JPG" style="width: 999px;"><img src="https://community.checkpoint.com/t5/image/serverpage/image-id/194i68A6B54457B7EB2D/image-size/large?v=v2&amp;px=999" role="button" title="Access NAT.JPG" alt="Access NAT.JPG" /></span></P><P>any issue with this configuration?</P> Tue, 19 Mar 2019 06:22:07 GMT https://community.checkpoint.com/t5/Spark-Firewall-SMB/Chekcpoint-appliance-1490-VPN-site-to-site-Problem/m-p/47566#M1846 dwinurm 2019-03-19T06:22:07Z https://community.checkpoint.com/t5/Spark-Firewall-SMB/Chekcpoint-appliance-1490-VPN-site-to-site-Problem/m-p/47990#M1863 In service column you shall specify services you want to pass through VPN (e.g. ICMP, HTTP, etc). Currently you specify that only IPSec protocol is to be encrypted in the community. And that is not even needed. Wed, 20 Mar 2019 15:38:47 GMT https://community.checkpoint.com/t5/Spark-Firewall-SMB/Chekcpoint-appliance-1490-VPN-site-to-site-Problem/m-p/47990#M1863 HristoGrigorov 2019-03-20T15:38:47Z https://community.checkpoint.com/t5/Spark-Firewall-SMB/Chekcpoint-appliance-1490-VPN-site-to-site-Problem/m-p/48051#M1867 <P>i'm change service with any service, but the result are the same</P> Thu, 21 Mar 2019 03:22:51 GMT https://community.checkpoint.com/t5/Spark-Firewall-SMB/Chekcpoint-appliance-1490-VPN-site-to-site-Problem/m-p/48051#M1867 dwinurm 2019-03-21T03:22:51Z https://community.checkpoint.com/t5/Spark-Firewall-SMB/Chekcpoint-appliance-1490-VPN-site-to-site-Problem/m-p/48200#M1873 <P>As you are using NAT is it allowed for VPN connection as well? Both sides needs to do that.</P> Fri, 22 Mar 2019 04:30:21 GMT https://community.checkpoint.com/t5/Spark-Firewall-SMB/Chekcpoint-appliance-1490-VPN-site-to-site-Problem/m-p/48200#M1873 HristoGrigorov 2019-03-22T04:30:21Z https://community.checkpoint.com/t5/Spark-Firewall-SMB/Chekcpoint-appliance-1490-VPN-site-to-site-Problem/m-p/48460#M1879 <P>what happens when i'm clear the NAT rule?</P> Mon, 25 Mar 2019 09:55:03 GMT https://community.checkpoint.com/t5/Spark-Firewall-SMB/Chekcpoint-appliance-1490-VPN-site-to-site-Problem/m-p/48460#M1879 dwinurm 2019-03-25T09:55:03Z