https://community.checkpoint.com/t5/Spark-Firewall-SMB/Sending-wired-and-wireless-internet-different-directions/m-p/88254#M3697 <P>I have a customer that wants to route wired traffic in their branch over a star VPN to headquarters as well as through to the internet.&nbsp; There is a star vpn routing option to do just that. (To center, or through the center to other satellites, to internet&nbsp;and other VPN targets)</P><P>&nbsp;</P><P>Their 1550 appliance at the branch office also has wireless in addition to wired.&nbsp; They want that wireless to be like a guest wireless and just go straight out to the internet from that box.</P><P>&nbsp;</P><P>I figured that if that branch’s wireless network source is not included in the branch’s encryption domain that it might work.</P><P>&nbsp;</P><P>Spoiler, I just tried it and it gave me an error, “encryption failure: Clear text packet should be encrypted.”</P><P>&nbsp;</P><P>My feeling is that it might be a limitation of the VPN routing option and that all traffic either goes over the VPN tunnel or is just dropped, but that doesn’t sound right to me.</P><P>&nbsp;</P><P>Has anyone tried this and was able to make it work?</P><P>&nbsp;</P><P>Jonathan</P> Thu, 11 Jun 2020 15:44:27 GMT Jonathan_Lobl 2020-06-11T15:44:27Z https://community.checkpoint.com/t5/Spark-Firewall-SMB/Sending-wired-and-wireless-internet-different-directions/m-p/88254#M3697 <P>I have a customer that wants to route wired traffic in their branch over a star VPN to headquarters as well as through to the internet.&nbsp; There is a star vpn routing option to do just that. (To center, or through the center to other satellites, to internet&nbsp;and other VPN targets)</P><P>&nbsp;</P><P>Their 1550 appliance at the branch office also has wireless in addition to wired.&nbsp; They want that wireless to be like a guest wireless and just go straight out to the internet from that box.</P><P>&nbsp;</P><P>I figured that if that branch’s wireless network source is not included in the branch’s encryption domain that it might work.</P><P>&nbsp;</P><P>Spoiler, I just tried it and it gave me an error, “encryption failure: Clear text packet should be encrypted.”</P><P>&nbsp;</P><P>My feeling is that it might be a limitation of the VPN routing option and that all traffic either goes over the VPN tunnel or is just dropped, but that doesn’t sound right to me.</P><P>&nbsp;</P><P>Has anyone tried this and was able to make it work?</P><P>&nbsp;</P><P>Jonathan</P> Thu, 11 Jun 2020 15:44:27 GMT https://community.checkpoint.com/t5/Spark-Firewall-SMB/Sending-wired-and-wireless-internet-different-directions/m-p/88254#M3697 Jonathan_Lobl 2020-06-11T15:44:27Z https://community.checkpoint.com/t5/Spark-Firewall-SMB/Sending-wired-and-wireless-internet-different-directions/m-p/88466#M3701 <P>By default, the encryption domain (i.e. what goes over the VPN) includes all networks.<BR />Sounds like you need to manually define it here:</P> <P><span class="lia-inline-image-display-wrapper lia-image-align-inline" image-alt="Screen Shot 2020-06-14 at 12.23.51 AM.png" style="width: 999px;"><img src="https://community.checkpoint.com/t5/image/serverpage/image-id/6745iD60E47F860E18C48/image-size/large?v=v2&amp;px=999" role="button" title="Screen Shot 2020-06-14 at 12.23.51 AM.png" alt="Screen Shot 2020-06-14 at 12.23.51 AM.png" /></span></P> Sun, 14 Jun 2020 07:25:12 GMT https://community.checkpoint.com/t5/Spark-Firewall-SMB/Sending-wired-and-wireless-internet-different-directions/m-p/88466#M3701 PhoneBoy 2020-06-14T07:25:12Z https://community.checkpoint.com/t5/Spark-Firewall-SMB/Sending-wired-and-wireless-internet-different-directions/m-p/88819#M3728 <P>Thanks,</P><P>I convinced them to just route all internet from the branch with the same filtering policy as central and this issue went away.</P><P>Thanks anyways.</P><P>&nbsp;</P> Tue, 16 Jun 2020 20:08:43 GMT https://community.checkpoint.com/t5/Spark-Firewall-SMB/Sending-wired-and-wireless-internet-different-directions/m-p/88819#M3728 Jonathan_Lobl 2020-06-16T20:08:43Z