This website uses Cookies. Click Accept to agree to our website's cookie use as described in our Privacy Policy. Click Preferences to customize your cookie settings.
Accept
Reject
Preferences
ABOUT CHECKMATES CYBER SECURITY COMMUNITY & FAQ
Create a Post
Help
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

Are you a member of CheckMates?

×
Sign in with your Check Point UserCenter/PartnerMap account to access more great content and get a chance to win some Apple AirPods! If you don't have an account, create one now for free!
Ricki_Juntak
Participant
‎2024-08-07 08:56 PM

SDWAN - LAN to SDWAN

Hi Checkmates,

 

After the gateway is running the SDWAN service and registering on the Infinity Portal, for example, there are 2 gateways that are connected and running SDWAN, how do you make the internal LAN reachable from the gateway that is already running SDWAN?

After the SDWAN service is running on the gateway, will it automatically advertise or reroute the internal LAN on the gateway to another gateway running with the same SDWAN profile?

Preview file
34 KB
0 Kudos
4 Replies
AmirArama
Employee
Employee
‎2024-08-08 10:24 AM

Hi

 

Im not sure i fully understand the question. Can you elaborate?

 

Do you mean in the VPN traffic between the GWs how each GW learns the other site lan? This is based on VPN settings of VPN Domain. And in near jumbo can be based on routes as well as we release support for Route based VPN as well.

P.s its irrelevant if GWs are in the same profile. Profile just meant to group gws to install rules on.

Ricki_Juntak
Participant
‎2024-08-09 12:49 AM
In response to AmirArama

based from I know, Another vendor usually after device join or activate the feature SDWAN tunnel automatically created and local Network from all device running SDWAN can reachable from another device, this is correct?

so with SDWAN Checkpoint we must configure first the IPSec Site to site, after that internal LAN of device can be reached by another device.

can you share simple step by step to configure the SDWAN on Checkpoint, cause we already try on LAB using

1. CP5800x2 single gateway, both gateway only use 1 IP public, one gateway HO and one gateway branch

2. connect to SDWAN-infinity portal and SMart1-cloud

3. Create IPsec tunnel but the LAN segment cannot reached from another, vpn tu tlist not showing tunnel on the CLI gateway but from Smart-1 show tunnel up on the GW-branch, on the SDWAN monitor show 1 tunnel up

we use R81.20 with JHF 65.

0 Kudos
AmirArama
Employee
Employee
‎2024-08-09 03:22 AM
In response to Ricki_Juntak

Hi

Basically we have this sk and within you can see the admin guide:

https://support.checkpoint.com/results/sk/sk180605

Yes, you still need to configure IPSEC in SMC. Configure the VPN Domains properly. 

If 'vpn tu tlist' shows 0 IPSEC and 0 NAT-T, You don't have any UP tunneles.

If you don't manage, you can DM me

Thx

0 Kudos
the_rock
MVP Platinum
MVP Platinum
‎2024-08-08 10:29 AM

I dont think profile here matters at all. What matters is routing is correct.

Andy

Best,
Andy
0 Kudos

Leaderboard

Epsum factorial non deposit quid pro quo hic escorol.

View All ≫
Upcoming Events

    CheckMates Events