
CRL Fetching recommendation

Hi @ all,

this week I reinstalled our Management Node with a fresh installation of R80.20.M2.

During the installation / configuration the management node was down for some hours.

During this time we lost connection to different IPSec tunnels between our Checkpoint Appliances (SMB 1400 / 1100).

After the management node was up again, they all came back after some time.

I think this problem is caused because CRL fetching is set to fetch a new CRL after 24h.

My question now is whether it could cause a problem if I set CRL fetching to a higher value (for example: 5 days). In case of a big management issue (hardware fault, big configuration issues, ...) I think we could run into a big issue if all of our tunnels go down within 24h.

So does anybody know if this could have any side effects when I set CRL fetching to 120h?

Thanks.

Florian

0 Kudos
3 Replies
Admin

Re: CRL Fetching recommendation

The most obvious thing is your gateways will accept certificates that are revoked for longer than they would normally.

0 Kudos

Re: CRL Fetching recommendation

OK, thank you for that information. So nothing else should happen when this option is changed, but when the management server is down I will have more time to solve the problem before all tunnels go down. Is this right?

0 Kudos
Admin

Re: CRL Fetching recommendation

As I understand it, you are correct.

0 Kudos