Create a Post
cancel
Showing results for 
Search instead for 
Did you mean: 
Contributor

R80.40 - Question about encryption domain per VPN community

Hello everyone,

hope your doing well these days. I have a question about the new feature in R80.40 regarding the encryption domains that can be configured per community (finally 😉). 

I was wondering if this requires an R80.40 Gateway or if this also works on older Gateways. We have an R80.40 Management and we can already select to override the main encryption domain but unfortunately I have no endpoint to test if this actually works. In the release notes this feature is listed in the "Acess Control" (technically Gateway I would think) and not the Gateway or Management list so I am not sure.

As I am preparing a new Branch Office I would like to use this feature. Can anybody shed some light on this topic? 

 

Many thanks 🙂
Marcel

0 Kudos
Reply
8 Replies
Champion
Champion

I have a R80.20SP VSX gateway, which is certainly not R80.40 on which I could set it and push policy without errors.
I am unable to test if it really works but so far it looks promising.
Regards, Maarten
Champion
Champion

I would assume it works with R80.40 GWs - from lower versions i do know only that it will not work with 1100, 1400 and 1500 SMBs: 

sk165613  R80.40 Policy Installation failure to a Branch Office Appliance involving a RemoteAccess community, due to unsupported VPN Domains

0 Kudos
Reply
Admin
Admin

That SK discusses renaming the RemoteAccess community, which is definitely not supported.
That's different than having a different VPN community per domain, or are you seeing similar errors when you push to an SMB gateway?

0 Kudos
Reply
Contributor

I just test it with gw 80.30 (mng 80.40) and it works fine.

Contributor

I tested this as well with a GW running R80.10 JHF Take 154 and it worked as expected

Contributor

This works with Gaia Embedded?
I have tested with:


Management R80.40+JHF89 
Cluster on R80.20+JHF161  <---> FW 1480 on R77.20.87

And the VPN stops working.

0 Kudos
Reply
Admin
Admin

As far as I know and have been told, this feature is not gateway version specific (i.e. it should work with any supported gateway version).
In other words: as long as the management is R80.40+, you should be able to leverage this feature.

0 Kudos
Reply
Participant

Similar to @G_W_Albrecht I have experienced issues with pushing policy on SMB gateways using these type of encryption domains

0 Kudos
Reply