This website uses Cookies. Click Accept to agree to our website's cookie use as described in our Privacy Policy. Click Preferences to customize your cookie settings.
Accept
Reject
Preferences
ABOUT CHECKMATES CYBER SECURITY COMMUNITY & FAQ
Create a Post
Help
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

Are you a member of CheckMates?

×
Sign in with your Check Point UserCenter/PartnerMap account to access more great content and get a chance to win some Apple AirPods! If you don't have an account, create one now for free!
Maciej_Maczka
Contributor
‎2019-02-04 03:34 AM

VPN Domain per VPN community

Hi,

Do you have any information about "VPN Domain per VPN community" development progress?

According to: Video Link : 6473 

Scheduled to Q3 2018.

Best Regards

MM

9 Replies
PhoneBoy
Admin
Admin
‎2019-02-04 10:18 AM

It's currently a customer-specific release.

Check with your local office.

0 Kudos
PhoneBoy
Admin
Admin
‎2019-02-10 04:59 PM

In addition to the aforementioned customer release, we are planning to add this feature to R80.30.M1.

Eric_Turner
Explorer
‎2019-04-02 01:07 PM
In response to PhoneBoy

Any idea when the R80.30.M1 release will be available? 

0 Kudos
PhoneBoy
Admin
Admin
‎2019-04-02 02:58 PM
In response to Eric_Turner

It will be after R80.30 goes GA, don't have an exact timeframe yet.
PhoneBoy
Admin
Admin
‎2019-08-12 11:12 AM
In response to PhoneBoy

This is currently targeted for R80.40. EA is planned to start in the next several weeks.
0 Kudos
Daniel_Westlund
Collaborator
Collaborator
‎2021-03-23 08:01 AM
In response to PhoneBoy

Did this feature ever make it to R80.40 or R81?  If so, where can I find it in SmartConsole?  Thanks.

0 Kudos
PhoneBoy
Admin
Admin
‎2021-03-23 08:28 AM
In response to Daniel_Westlund

It was added to R80.40 yes.
Note that gateways don't necessarily need to be updated to R80.40 to use this feature, though I don't believe it works with older SMB appliances (running R77.20.x or earlier):

Screen Shot 2021-03-23 at 8.26.53 AM.png

Marcel_Gramalla
Advisor
‎2021-03-23 11:36 AM
In response to Daniel_Westlund

As already said the feature is added in R80.40 management and doesn't require the gateway to be R80.40. But keep an eye on sk170857 Using "Encryption Domain Per community" feature overrides Encryption Domain for other communities (c...

The feature is work in progress and broke some VPNs with a JHF (must have been JHF 78 I think). R&D says they are working on resolving the limitation.

Daniel_Westlund
Collaborator
Collaborator
‎2021-03-23 11:48 AM
In response to Marcel_Gramalla

Thanks for the heads up.  It sounds like this feature is a no go until R&D resolves this limitation.  Looking at that SK, it strikes me as strange how CP calculates the encryption domains.  So because VPN Community A has a subnet within the network range in VPN Community B, then CP can't negotiate the entire network range for VPN Community B, but has to use the subnets that were broken up by the subnet from VPN Community A.  I would have thought that A and B didn't affect each other.  Perhaps this is why the CP VPN proposes phase 2 ranges that don't match what's defined in the encryption domain sometimes.  Well, much of the time.  My hope for this feature was that it could get us away from user.def, but that doesn't seem to be the case.

Leaderboard

Epsum factorial non deposit quid pro quo hic escorol.

View All ≫
Upcoming Events

    Sort by:
    CheckMates Events