
Site to Site VPN with 3rd party DAIP gateway

Why is Check Point not allowing the use of a pre-shared key for the DAIP gateway or 3rd party gateway? I know it works only with a certificate, but is there any future release for this feature? Other competitors are compatible with PSK if the remote is DAIP.

Pre-shared key is supported on Embedded Gaia for a DAIP gateway but not in mainstream Gaia.

1 Reply
Admin

Re: Site to Site VPN with 3rd party DAIP gateway

Using an IPsec Pre-Shared Key with a dynamic IP endpoint has additional security risks, mainly because of the need to use IKE Aggressive Mode for authentication, which sends some key information "in the clear."

Refer to the following articles for more information:

As such, at least for the Enterprise products, we require certificates to be used when a VPN endpoint is dynamic.

Embedded Gaia only supports IPsec on a dynamic IP endpoint when it is self-managed.
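
To check whether any peer is actually negotiating IKE Aggressive Mode, the exchange-type field of the ISAKMP header can be read straight from captured UDP 500/4500 payloads. The Python below is an added example, not part of the reply above and not Check Point code; the header layout and exchange-type values follow RFC 2408, the non-ESP marker follows RFC 3948, and the function names and sample packets are constructed for illustration.

```python
import struct

# ISAKMP header (RFC 2408): cookies, next payload, version, exchange type,
# flags, message ID, total length. 28 bytes, network byte order.
HEADER = struct.Struct("!8s8sBBBBII")
EXCHANGE_TYPES = {2: "main", 4: "aggressive", 5: "informational", 32: "quick"}
FLAG_ENCRYPTED = 0x01  # IKEv1 "E" bit: payloads after the header are encrypted
NON_ESP_MARKER = b"\x00" * 4  # RFC 3948 prefix for IKE on UDP 4500

def parse_isakmp(udp_payload, dst_port=500):
    """Return selected header fields of an IKE datagram, or None if not IKE."""
    if dst_port == 4500:
        if udp_payload[:4] != NON_ESP_MARKER:
            return None  # ESP-in-UDP data traffic, not a key exchange
        udp_payload = udp_payload[4:]
    if len(udp_payload) < HEADER.size:
        return None  # truncated or unrelated datagram
    _, _, _, version, exch, flags, _, _ = HEADER.unpack_from(udp_payload)
    major = version >> 4
    return {
        "major": major,
        "exchange": EXCHANGE_TYPES.get(exch, f"other({exch})") if major == 1 else "ikev2",
        "cleartext": major == 1 and not flags & FLAG_ENCRYPTED,
    }

def is_cleartext_aggressive(udp_payload, dst_port=500):
    """True for an unencrypted IKEv1 Aggressive Mode message."""
    hdr = parse_isakmp(udp_payload, dst_port)
    return bool(hdr and hdr["exchange"] == "aggressive" and hdr["cleartext"])

def aggressive_peers(packets):
    """packets: iterable of (src_ip, dst_port, udp_payload). Returns offending sources."""
    return sorted({src for src, port, data in packets if is_cleartext_aggressive(data, port)})

def make_header(exch, flags=0, version=0x10):
    """Build a constructed, payload-less ISAKMP header for the samples below."""
    return HEADER.pack(b"\x11" * 8, b"\x00" * 8, 1, version, exch, flags, 0, HEADER.size)

# Constructed sample traffic (documentation addresses, no real capture).
SAMPLE_PACKETS = [
    ("192.0.2.10", 500, make_header(2)),                     # Main Mode
    ("198.51.100.7", 500, make_header(4)),                   # Aggressive Mode
    ("203.0.113.5", 4500, NON_ESP_MARKER + make_header(4)),  # Aggressive over NAT-T
    ("203.0.113.9", 4500, b"\xde\xad\xbe\xef" + bytes(40)),  # ESP-in-UDP
    ("192.0.2.20", 500, make_header(34, version=0x20)),      # IKEv2
]

if __name__ == "__main__":
    print(aggressive_peers(SAMPLE_PACKETS))
```

Feeding it the UDP payloads from a gateway-side capture lists the source addresses that sent unencrypted Aggressive Mode messages.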