Hi All,
I have a question about the CheckPoint VPN domain supernetting feature. Recently my side had a VPN tunnel established between a CheckPoint and a Fortigate firewall.
- CheckPoint's VPN domains are as below:
  - 10.100.0.0/16
  - 10.102.0.0/16
  - 10.103.0.0/16
  - 10.104.0.0/16
  - 10.105.0.0/16
  - 10.105.53.0/24
  - 10.105.205.0/24
  - 10.106.201.0/28
  - 10.106.216.0/24
  - 10.104.19.44
  - 10.104.21.161/32
  - 10.104.86.119/32
  - 10.104.88.142/32
  - 10.104.92.80/32
  - 10.104.95.83/32
  - 10.104.180.26/32
  - 10.105.12.59/32
  - 10.105.16.10/32
  - 10.105.33.37/32
  - 10.105.53.7x/32
  - 10.105.181.x/32
  - 10.106.115.32/32
- The Fortigate VPN domain can be found inside the attachment.
- I did vpn and ike debug on the CheckPoint gateway and found that the VPN domain supernet is using 10.105.0.0/17.
My question is why CheckPoint chooses 10.105.0.0/17 and not the other segments to supernet.
1. Why does CheckPoint supernet to 10.105.0.0/17 (we do not define this as one of the Traffic Selectors on CheckPoint) and not the other segments, such as:
   a. 10.105.0.0/16 (we defined this as one of the Traffic Selectors)
   b. 10.105.0.0/18 (we do not have this as one of the Traffic Selectors)
   c. 10.105.0.0/15 (we do not have this as one of the Traffic Selectors)
Hope someone can answer this. Thank you.