This website uses cookies. By clicking OK, you consent to the use of cookies. Click Here to learn more about how we use cookies.
OK
ABOUT CHECKMATES & FAQ
Create a Post
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Help
Marcel_Gramalla
Contributor
‎2020-04-22 01:16 AM

R80.40 - Question about encryption domain per VPN community

Hello everyone,

hope your doing well these days. I have a question about the new feature in R80.40 regarding the encryption domains that can be configured per community (finally 😉). 

I was wondering if this requires an R80.40 Gateway or if this also works on older Gateways. We have an R80.40 Management and we can already select to override the main encryption domain but unfortunately I have no endpoint to test if this actually works. In the release notes this feature is listed in the "Acess Control" (technically Gateway I would think) and not the Gateway or Management list so I am not sure.

As I am preparing a new Branch Office I would like to use this feature. Can anybody shed some light on this topic? 

 

Many thanks 🙂
Marcel

0 Kudos
Reply
8 Replies
Maarten_Sjouw
Champion
Champion
‎2020-04-22 03:58 AM

I have a R80.20SP VSX gateway, which is certainly not R80.40 on which I could set it and push policy without errors.
I am unable to test if it really works but so far it looks promising.
Regards, Maarten
Reply
G_W_Albrecht
Champion
Champion
‎2020-04-22 05:04 AM
In response to Maarten_Sjouw

I would assume it works with R80.40 GWs - from lower versions i do know only that it will not work with 1100, 1400 and 1500 SMBs: 

sk165613  R80.40 Policy Installation failure to a Branch Office Appliance involving a RemoteAccess community, due to unsupported VPN Domains

0 Kudos
Reply
PhoneBoy
Admin
Admin
‎2020-12-14 01:59 PM
In response to G_W_Albrecht

That SK discusses renaming the RemoteAccess community, which is definitely not supported.
That's different than having a different VPN community per domain, or are you seeing similar errors when you push to an SMB gateway?

0 Kudos
Reply
Michal_Gans
Contributor
‎2020-06-22 10:42 AM

I just test it with gw 80.30 (mng 80.40) and it works fine.

Reply
lbcadenco10
Contributor
‎2020-11-02 12:53 PM

I tested this as well with a GW running R80.10 JHF Take 154 and it worked as expected

Reply
Aitor_Carazo
Contributor
‎2020-12-11 04:02 AM

This works with Gaia Embedded?
I have tested with:


Management R80.40+JHF89 
Cluster on R80.20+JHF161  <---> FW 1480 on R77.20.87

And the VPN stops working.

0 Kudos
Reply
PhoneBoy
Admin
Admin
‎2020-12-13 06:42 PM

As far as I know and have been told, this feature is not gateway version specific (i.e. it should work with any supported gateway version).
In other words: as long as the management is R80.40+, you should be able to leverage this feature.

0 Kudos
Reply
henryck
Participant
‎2020-12-14 01:54 PM

Similar to @G_W_Albrecht I have experienced issues with pushing policy on SMB gateways using these type of encryption domains

0 Kudos
Reply