This website uses Cookies. Click Accept to agree to our website's cookie use as described in our Privacy Policy. Click Preferences to customize your cookie settings.
Accept
Reject
Preferences
ABOUT CHECKMATES CYBER SECURITY COMMUNITY & FAQ
Create a Post
Help
cancel
Turn on suggestions
Showing results for 
Search instead for 
Did you mean: 

Are you a member of CheckMates?

×
Sign in with your Check Point UserCenter/PartnerMap account to access more great content and get a chance to win some Apple AirPods! If you don't have an account, create one now for free!
BKYDCPSC
Participant
‎2019-10-21 01:36 AM

VPN issues after migration 77.30 to 80.30

Hi,

 

ive done a simple migrate export of a 77.30 management server, and imported on a clean 80.30 VM.

. No hostname or IP changes. 

after initial migration, we had no issues. Over the weekend, VPN tunnels have now gone down.

 

No policies have been pushed since migration. SIC was never reset as I believe you don’t need to.

 

any pointers?

 

gateways still on 77.30

0 Kudos
6 Replies
Maarten_Sjouw
Champion
Champion
‎2019-10-21 01:54 AM

You really need to do a policy push as all gateways need to know about the new management, even though you think nothing changed this is just one of those things, after a migration I always push all gateways at least 2 times.
There have been to many issues in the past that relate to first policy push after migration and not pushing at all..
Regards, Maarten
0 Kudos
BKYDCPSC
Participant
‎2019-10-21 01:57 AM
In response to Maarten_Sjouw

I guess. The customer was reluctant to do a policy push until his gateways were 80.30. Usually, I have always pushed a policy so I am not familar with not pushing a policy.

Cant quite figure out why all VPN's were up, and then went down over the weekend..
0 Kudos
Maarten_Sjouw
Champion
Champion
‎2019-10-21 02:00 AM
In response to BKYDCPSC

Is this a CP to CP VPN based on certificates? If so, the gateways will always check the Certificate validity with management, if no policy push was done Management and gateway run out of sync and the verification will fail.
Regards, Maarten
0 Kudos
BKYDCPSC
Participant
‎2019-10-21 02:05 AM
In response to Maarten_Sjouw

It is CP to CP. I think you might have hit the nail on the head.
Do you know how often it checks for the certificate validity?
0 Kudos
Maarten_Sjouw
Champion
Champion
‎2019-10-21 03:06 AM
In response to BKYDCPSC

At least every 24 hours.
Regards, Maarten
BKYDCPSC
Participant
‎2019-10-21 04:18 AM
In response to Maarten_Sjouw

Thanks for this. In the end, turns out the customer VPN certs expired!!!!!!! However - I still believe a policy push was needed regardless.

Thanks for your quick response!
0 Kudos

Leaderboard

Epsum factorial non deposit quid pro quo hic escorol.

View All ≫
Upcoming Events

    CheckMates Events
    li.common.scroll-to.top