Ricki_Juntak
Explorer

SDWAN - LAN to SDWAN

Hi Checkmates,

After the gateway is running the SDWAN service and is registered on the Infinity Portal (for example, there are 2 gateways that are connected and running SDWAN), how do you make the internal LAN reachable from the gateway that is already running SDWAN?

After the SDWAN service is running on the gateway, will it automatically advertise or reroute the internal LAN on the gateway to another gateway running with the same SDWAN profile?

0 Kudos
4 Replies
AmirArama
Employee

Hi

I'm not sure I fully understand the question. Can you elaborate?

Do you mean, in the VPN traffic between the GWs, how each GW learns the other site's LAN? This is based on the VPN settings of the VPN Domain. And in a near Jumbo it can be based on routes as well, as we release support for Route Based VPN as well.

P.S. It's irrelevant whether the GWs are in the same profile. A profile is just meant to group GWs to install rules on.

Ricki_Juntak
Explorer

From what I know, with other vendors, usually after a device joins or activates the SDWAN feature, the tunnel is automatically created and the local networks of all devices running SDWAN are reachable from the other devices. Is this correct?

So with Check Point SDWAN we must first configure the IPsec site-to-site VPN; after that, the internal LAN of a device can be reached by another device.

Can you share simple step-by-step instructions to configure SDWAN on Check Point? We already tried it in a lab using:

1. CP5800x2 single gateways; both gateways use only 1 public IP, one gateway is HO and one gateway is the branch

2. Connected to the SDWAN Infinity Portal and Smart-1 Cloud

3. Created an IPsec tunnel, but the LAN segment cannot be reached from the other side; vpn tu tlist does not show a tunnel on the gateway CLI, but Smart-1 shows the tunnel up on the GW-branch, and the SDWAN monitor shows 1 tunnel up

We use R81.20 with JHF 65.

0 Kudos
AmirArama
Employee

Hi

Basically we have this sk, and within it you can see the admin guide:

https://support.checkpoint.com/results/sk/sk180605

Yes, you still need to configure IPSEC in SMC. Configure the VPN Domains properly.

If 'vpn tu tlist' shows 0 IPSEC and 0 NAT-T, you don't have any UP tunnels.

If you don't manage, you can DM me

Thx

0 Kudos
the_rock
Legend

I don't think the profile matters here at all. What matters is that the routing is correct.

Andy

0 Kudos
