cancel
Showing results for 
Search instead for 
Did you mean: 
Post a Question

R80.10 - VPN traditional mode to simplified mode

Jump to solution

We have the following problem. We have a SMS with version R80.10. Now, we have add a new 1490 SMB Appliance Cluster to the policy. If we install the SMB cluster policy, we become the following error: "VPN configuration in traditional mode is not supported on Check PointSmall Office Appliances."

 

 

Under R77.30 I can use the wizard to convert the traditional mode policy to simplified mode policy.

With R80.10 I can no longer found this wizard.

 

Now my question:

 

Is it possible to convert the traditional mode VPN policy to simplified mode?

 

What do I have to do under R80.10.

 

Regards

Heiko

1 Solution

Accepted Solutions
Admin
Admin

Re: R80.10 - VPN traditional mode to simplified mode

Jump to solution

I know new Traditional Mode VPNs cannot be created in R80.x.

I presume we did not port the relevant wizard to R80.x since Simplified Mode VPNs have been the default since R5x.

My guess: you'll have to do it manually.

11 Replies
Admin
Admin

Re: R80.10 - VPN traditional mode to simplified mode

Jump to solution

I know new Traditional Mode VPNs cannot be created in R80.x.

I presume we did not port the relevant wizard to R80.x since Simplified Mode VPNs have been the default since R5x.

My guess: you'll have to do it manually.

Re: R80.10 - VPN traditional mode to simplified mode

Jump to solution

Hi Dameon,

THX for the fast answer.

The problem with historical Traditional Mode VPN features.
(migration path over the years R5x > R6x> R7x >R80.10)
Small suggestion for improvement:
Maybe you should get a warning when executing "migrate export" or "pre upgrade verifier" here.
Regards
Admin
Admin

Re: R80.10 - VPN traditional mode to simplified mode

Jump to solution

I'm surprised you don't get such a warning (especially if we don't include the conversion wizard).

Tomer Sole‌, think we might be able to suggest this get added?

Re: R80.10 - VPN traditional mode to simplified mode

Jump to solution

Second that. 

0 Kudos

Re: R80.10 - VPN traditional mode to simplified mode

Jump to solution

when you run the upgrader verification service you get a warning.

Thank you for using the Check Point R80.10 upgrade verification service.
The upgrade verification service has simulated your upgrade to R80.10

Firewall policies with Traditional VPN mode

Description:

Traditional mode refers to legacy VPN policy, which was replaced by Simplified VPN (first introduced at 2002 in version NG FP3). Please change the below policies by using one of the methods:
1. Convert your Firewall policies: In SmartConsole, go to Policy > Convert To > Simplified VPN, and follow the wizard instructions.
2. In your Firewall policy, delete rules that contain the actions Encrypt or Client Encrypt.
If you have a specific case in which you have to use Traditional VPN mode, please contact Check Point support.
These are the Traditional VPN policies or rules that must be converted or deleted:

Admin
Admin

Re: R80.10 - VPN traditional mode to simplified mode

Jump to solution

Wonder if it shows when you run pre_upgrade_verifier on the CLI or if that shows only on the online one.

0 Kudos

Re: R80.10 - VPN traditional mode to simplified mode

Jump to solution

Thanks Mia for your answer.

This is SMS R80.10.  Unfortunately this is no longer available.

This works for older versions R77.30 and lower:-) 

Regards

Heiko

Myo_Min_Zaw
Nickel

Re: R80.10 - VPN traditional mode to simplified mode

Jump to solution

Hi,

What will happen to VPN configuration after convert to simplified VPN rules?

Need to create for IPsec VPN communities manually after conversion? 

Based-on my conversion, need to setup for VPN communities configuration after conversion.

Thanks.

0 Kudos

Re: R80.10 - VPN traditional mode to simplified mode

Jump to solution

We have the same issue.

😞

0 Kudos

Re: R80.10 - VPN traditional mode to simplified mode

Jump to solution

A few weeks back I was trying to add an Inline Layer for APCL/URLF o a policy and it would not let me due to the fact it was a Traditional Mode VPN policy.

Thing was there was No VPN at all, IPSEC was turned off on the gateway, but still it was nagging about it.

In this case there was nothing to convert but just copy to a new policy and all done, but still...

Regards, Maarten
0 Kudos
Employee+
Employee+

Re: R80.10 - VPN traditional mode to simplified mode

Jump to solution

can you please share the builds you are using of R80.10?

0 Kudos