Create a Post
Showing results for 
Search instead for 
Did you mean: 


Hello All,

Looking for some help regarding VPNs. I'm not 100% familiar how the VPNs are setup in the Check Points.

I would like to understand where can I find the Security associations part of a tunnel. Like I have a start community with our firewall as center point and remote as satellite. I want to know which subnets are part of encryption domain of satellite and center VPN. 

Any suggestions?



2 Replies

The encryption domain for each gateway is defined on the relevant gateway object.

For the pictured gateway:

If an interface has multiple subnets in the topology (because multiple networks behind it), we will summarize into the largest possible subnet.

The behavior depends on the setting of ike_use_largest_possible_subnets and your version as described here: New VPN features in R77.20 

You can see all the SAs currently established on your gateway with the CLI command vpn tu.

What's the actual problem you're trying to solve here?


Thanks for the explanation Daemon. 

I'm managing check points and trying to have a better understanding on how vpns work with check points. 

Much more clear now..  

Many thanks 

0 Kudos