Hello everyone,
Hope you're doing well these days. I have a question about the new feature in R80.40 regarding the encryption domains that can be configured per community (finally 😉).
I was wondering if this requires an R80.40 Gateway or if this also works on older Gateways. We have an R80.40 Management and we can already select to override the main encryption domain but unfortunately I have no endpoint to test if this actually works. In the release notes this feature is listed in the "Access Control" (technically Gateway I would think) and not the Gateway or Management list so I am not sure.
As I am preparing a new Branch Office I would like to use this feature. Can anybody shed some light on this topic?
Many thanks 🙂
Marcel
I would assume it works with R80.40 GWs - from lower versions I do know only that it will not work with 1100, 1400 and 1500 SMBs:
sk165613 R80.40 Policy Installation failure to a Branch Office Appliance involving a RemoteAccess community, due to unsupported VPN Domains
That SK discusses renaming the RemoteAccess community, which is definitely not supported.
That's different than having a different VPN community per domain, or are you seeing similar errors when you push to an SMB gateway?
I just tested it with gw 80.30 (mng 80.40) and it works fine.
I tested this as well with a GW running R80.10 JHF Take 154 and it worked as expected.
This works with Gaia Embedded?
I have tested with:
Management R80.40+JHF89
Cluster on R80.20+JHF161 <---> FW 1480 on R77.20.87
And the VPN stops working.
As far as I know and have been told, this feature is not gateway version specific (i.e. it should work with any supported gateway version).
In other words: as long as the management is R80.40+, you should be able to leverage this feature.
Similar to @G_W_Albrecht I have experienced issues with pushing policy on SMB gateways using these types of encryption domains.