cancel
Showing results for 
Search instead for 
Did you mean: 
Create a Post
Highlighted

Is traditional VPN mode supported in R80.20?

Hi guys,

I know that in theory, R80.20 should support traditional VPN mode but that it doesn't support the option to convert traditional to simplified.

However, after exporting the database to R80.20 with the instructions outlined in this link (Installation and Upgrade Guide R80.20.M1 ), I am then getting the following output:

Title: Firewall policies with Traditional VPN mode

-----

* Description:

 

Traditional mode refers to legacy VPN policy, which was replaced by Simplified VPN (first introduced at 2002 in version NG FP3). Please change the below policies by using one of the methods:

  1. Convert your Firewall policies: In SmartConsole, go to Policy > Convert To > Simplified VPN, and follow the wizard instructions.
  2. In your Firewall policy, delete rules that contain the actions Encrypt or Client Encrypt.

 

If you have a specific case in which you have to use Traditional VPN mode, please contact Check Point support.

Could anybody be able to provide an explanation for this please?

Many thanks.

7 Replies
Danny
Pearl

Re: Is traditional VPN mode supported in R80.20?

Traditional VPN mode is not supported anymore.

See here: https://community.checkpoint.com/thread/8978

0 Kudos
Employee+
Employee+

Re: Is traditional VPN mode supported in R80.20?

Just curious, but why would you like to use traditional mode VPN? I don't remember having seen that in years...

0 Kudos

Re: Is traditional VPN mode supported in R80.20?

We have one customer with around 70-80 VPN with all kinds of third parties that are setup as Tradintional a long time ago. This is very hard to convert to simplified mode. Most of these VPN's are used for EDI traffic and have a high need  for uptime. If we were to replace this environment, it would be a per VPN migration, a lot of work and a lot of risks.

Regards, Maarten
Admin
Admin

Re: Is traditional VPN mode supported in R80.20?

To add a little color:

  • You cannot create any Traditional Mode VPN configurations in R80.x. 
  • If you migrate a configuration to R80.x with Traditional Mode VPN configuration, you will be allowed to use it.
  • The wizard to convert from Traditional to Simplified Mode VPN was not ported to R80.x.
    • Do the conversion to Simplified Mode prior to migrating to R80.x or you will have to do it manually after the fact.

Re: Is traditional VPN mode supported in R80.20?

"do it manually" - what is meant by manually here: exporting and recreating rules by cli or something else? I've got a somewhat large production rulebase on R80.20 that doesn't use VPN, so the traditional mode went unnoticed through many migrations. (sorry for replying to this old thread)
0 Kudos

Re: Is traditional VPN mode supported in R80.20?

Hi Richard,
... and your are right 🙂  Just today having a customer trying to copy the rules from traditional to a new simplified policy, and got an error  

 

2019-09-11 12_27_24-Gesendete Elemente - gero.stolle@controlware.de - Outlook.jpg

and this under actual JHF and R80.20 so seems to be a bug here, because the mentioned copy direction is wrong too
I think this will end  in a case 🙂 

And sory for the late reply too. But I think it's ok for All who searching in the threads to find ideas 🙂 

0 Kudos

Re: Is traditional VPN mode supported in R80.20?

Thank you all very much.

0 Kudos