Create a Post
cancel
Showing results for 
Search instead for 
Did you mean: 
Wolfgang
Leader
Leader

problem with VPN to DAIP-gateways after upgrade to R80.40

Dear CheckMates,

we replaced a central cluster with new hardware and migrated to R80.10 from R80.40.(same configuration)

SMS was already running on R80.40.

VPN to remote gateways with fixed IP are up.

But now all site to site VPNs with DAIP-gateways (1100 appliances behind LTE-routers) are down.

We could see NAT-T packets from the DAIP gateways to the central site, phase 1 and phase 2 looks good but no packets are gone over the tunnel. Central gateway shows encryption of the packets for the remote encryption domain but does not reach the remote gateways.

TAC is involved but with no finding at the moment.

Has anyone running R80.40 with DAIP-gateways and VPN?

Any ideas are welcome.

Wolfgang

0 Kudos
Reply
2 Replies
Danny
Champion
Champion

CheckMates provides a workaround for such annoyances with DAIP gateways.

>>>

On October 24, 2018, Check Point officially announced the end of the further development of firmwares for its 1100 appliances.

The latest firmware version for 1100 appliances is R77.20.80.

The release notes of firmware R77.20.81 clearly states :
Important: this and future releases do not support 600/1100 appliances.

This also corresponds to the official overview for all SMB firmwares.

This is due to hardware-specific extensions, which the older hardware of the 1100 appliances no longer does justice to. Since the end of engineering support in June 2020 Check Point support won't provide bugfix updates anymore. It's therefore recommended to upgrade all customers that still use 1100 appliances to switch to Check Point's current branch office appliances (1500 appliances)

0 Kudos
Reply
Wolfgang
Leader
Leader

Thanks Danny,

we know, the 1100 are not the newest models (upgrade is on the way but not now), but they are still supported to managed from a R80.40 SMS.

Wolfgang

0 Kudos
Reply