Create a Post
cancel
Showing results for 
Search instead for 
Did you mean: 
NiladriSarkar
Explorer
Jump to solution

Encryption domain for remote access VPN

We are on 81.10 take 95, running remoteaccess VPN.

When we add a FQDN object to the encryption domain we see the following error :: he main group must contain ip-based objects only.

Does this mean we cannot add FQDN to enc domain at all ?

 

0 Kudos
2 Solutions

Accepted Solutions
emmap
Employee
Employee

This isn't a Maestro thing, FQDNs aren't supported in any R81.10 gateway as far as I know.

In R81.20 we introduced dynamic exclusions for encryption domains using dynamic objects and domain objects, I don't know if you can use FQDNs to include IPs dynamically though, I can't find anything useful on that.

View solution in original post

0 Kudos
PhoneBoy
Admin
Admin

Correct, this feature is only for excluding items from the encryption domain, not including.
I presume this should be addressed as an RFE with your local Check Point office.

View solution in original post

0 Kudos
2 Replies
emmap
Employee
Employee

This isn't a Maestro thing, FQDNs aren't supported in any R81.10 gateway as far as I know.

In R81.20 we introduced dynamic exclusions for encryption domains using dynamic objects and domain objects, I don't know if you can use FQDNs to include IPs dynamically though, I can't find anything useful on that.

0 Kudos
PhoneBoy
Admin
Admin

Correct, this feature is only for excluding items from the encryption domain, not including.
I presume this should be addressed as an RFE with your local Check Point office.

0 Kudos