https://community.checkpoint.com/t5/Spark-Firewall-SMB/Site-to-Site-VPN-Fail-Checkpoint-1500-series-and-Fortigate/m-p/108760#M4747 <P>Almost certainly a Phase 2 failure involving the Proxy-ID/subnets negotiation.&nbsp;<A id="link_13" class="page-link lia-link-navigation lia-custom-event" href="https://community.checkpoint.com/t5/General-Topics/VPN-Check-Point-and-Fortigate/m-p/76540?search-action-id=21335951418&amp;search-result-uid=76540" target="_blank"><SPAN class="lia-search-match-lithium">VPN</SPAN><SPAN>&nbsp;</SPAN>- Check Point and<SPAN>&nbsp;</SPAN><SPAN class="lia-search-match-lithium">Fortigate</SPAN></A></P> <P>Have the Fortinet side initiate the interesting traffic to start the tunnel towards the Check Point, then post the Check Point VPN logs that appear.&nbsp; If the Check Point is trying to initiate the tunnel the resulting logs from that will not be helpful.</P> Mon, 25 Jan 2021 14:06:44 GMT Timothy_Hall 2021-01-25T14:06:44Z https://community.checkpoint.com/t5/Spark-Firewall-SMB/Site-to-Site-VPN-Fail-Checkpoint-1500-series-and-Fortigate/m-p/108735#M4745 <P>Hello everyone.</P><P>&nbsp;</P><P>I am tring to connect site-to-site VPN with Checkpoint 1500 series and fortigate.</P><P>&nbsp;</P><P>It seems to be established VPN tunnel and be&nbsp;connected to the opposite fortigate.</P><P>&nbsp;</P><P>But it is impossible to reach ping each other lan .</P><P>&nbsp;</P><P>There is no error message on security log of checkpoint.</P><P>&nbsp;</P><P>The tunnel of the fortigate is up too.</P><P>&nbsp;</P><P>How can I connect to the opposite fortigate?</P> Mon, 25 Jan 2021 09:05:20 GMT https://community.checkpoint.com/t5/Spark-Firewall-SMB/Site-to-Site-VPN-Fail-Checkpoint-1500-series-and-Fortigate/m-p/108735#M4745 Tsukasa 2021-01-25T09:05:20Z https://community.checkpoint.com/t5/Spark-Firewall-SMB/Site-to-Site-VPN-Fail-Checkpoint-1500-series-and-Fortigate/m-p/108741#M4746 <P>Did you read<A class="cp_link sc_ellipsis" style="max-width: 840px;" href="https://supportcenter.checkpoint.com/supportcenter/portal?eventSubmit_doGoviewsolutiondetails=&amp;solutionid=sk108600&amp;partition=Advanced&amp;product=IPSec" target="_blank">&nbsp;&nbsp;sk108600: <STRONG>VPN</STRONG> Site-to-Site with <STRONG>3rd</STRONG> <STRONG>party ?</STRONG></A>&nbsp;What about Forti logs ? VPN/IKE debug shows that all VPN establishing phases are successfull? How about traffic capture ?</P> Mon, 25 Jan 2021 10:07:24 GMT https://community.checkpoint.com/t5/Spark-Firewall-SMB/Site-to-Site-VPN-Fail-Checkpoint-1500-series-and-Fortigate/m-p/108741#M4746 G_W_Albrecht 2021-01-25T10:07:24Z https://community.checkpoint.com/t5/Spark-Firewall-SMB/Site-to-Site-VPN-Fail-Checkpoint-1500-series-and-Fortigate/m-p/108760#M4747 <P>Almost certainly a Phase 2 failure involving the Proxy-ID/subnets negotiation.&nbsp;<A id="link_13" class="page-link lia-link-navigation lia-custom-event" href="https://community.checkpoint.com/t5/General-Topics/VPN-Check-Point-and-Fortigate/m-p/76540?search-action-id=21335951418&amp;search-result-uid=76540" target="_blank"><SPAN class="lia-search-match-lithium">VPN</SPAN><SPAN>&nbsp;</SPAN>- Check Point and<SPAN>&nbsp;</SPAN><SPAN class="lia-search-match-lithium">Fortigate</SPAN></A></P> <P>Have the Fortinet side initiate the interesting traffic to start the tunnel towards the Check Point, then post the Check Point VPN logs that appear.&nbsp; If the Check Point is trying to initiate the tunnel the resulting logs from that will not be helpful.</P> Mon, 25 Jan 2021 14:06:44 GMT https://community.checkpoint.com/t5/Spark-Firewall-SMB/Site-to-Site-VPN-Fail-Checkpoint-1500-series-and-Fortigate/m-p/108760#M4747 Timothy_Hall 2021-01-25T14:06:44Z