Nick_Doropoulos
Advisor

Is traditional VPN mode supported in R80.20?

Hi guys,

I know that in theory, R80.20 should support traditional VPN mode but that it doesn't support the option to convert traditional to simplified.

However, after exporting the database to R80.20 with the instructions outlined in this link (Installation and Upgrade Guide R80.20.M1), I am then getting the following output:

Title: Firewall policies with Traditional VPN mode

-----

* Description:

 

Traditional mode refers to legacy VPN policy, which was replaced by Simplified VPN (first introduced at 2002 in version NG FP3). Please change the below policies by using one of the methods:

  1. Convert your Firewall policies: In SmartConsole, go to Policy > Convert To > Simplified VPN, and follow the wizard instructions.
  2. In your Firewall policy, delete rules that contain the actions Encrypt or Client Encrypt.

 

If you have a specific case in which you have to use Traditional VPN mode, please contact Check Point support.

Would anybody be able to provide an explanation for this, please?

Many thanks.

9 Replies
Danny
Champion

Traditional VPN mode is not supported anymore.

See here: https://community.checkpoint.com/thread/8978

0 Kudos
Lari_Luoma
Ambassador

Just curious, but why would you like to use traditional mode VPN? I don't remember having seen that in years...

0 Kudos
Maarten_Sjouw
Champion

We have one customer with around 70-80 VPNs with all kinds of third parties that were set up as Traditional a long time ago. This is very hard to convert to simplified mode. Most of these VPNs are used for EDI traffic and have a high need for uptime. If we were to replace this environment, it would be a per-VPN migration, a lot of work and a lot of risks.

Regards, Maarten
PhoneBoy
Admin

To add a little color:

  • You cannot create any Traditional Mode VPN configurations in R80.x. 
  • If you migrate a configuration to R80.x with Traditional Mode VPN configuration, you will be allowed to use it.
  • The wizard to convert from Traditional to Simplified Mode VPN was not ported to R80.x.
    • Do the conversion to Simplified Mode prior to migrating to R80.x or you will have to do it manually after the fact.
Richard_Farnham
Participant

"do it manually" - what is meant by manually here: exporting and recreating rules by CLI, or something else? I've got a somewhat large production rulebase on R80.20 that doesn't use VPN, so the traditional mode went unnoticed through many migrations. (Sorry for replying to this old thread.)
0 Kudos
Gero_Stolle
Contributor

Hi Richard,
... and you are right 🙂 Just today I had a customer trying to copy the rules from a traditional to a new simplified policy, and they got an error:

 

[Screenshot of the error]

And this is under the actual JHF and R80.20, so there seems to be a bug here, because the mentioned copy direction is wrong too.
I think this will end in a case 🙂

And sorry for the late reply too. But I think it's OK for all who are searching in the threads to find ideas 🙂

0 Kudos
Werner_69
Explorer

Hey Gero,

and did you find a solution to copy rules from one to the other?

0 Kudos
PhoneBoy
Admin

0 Kudos
Nick_Doropoulos
Advisor

Thank you all very much.

0 Kudos
