Create a Post
cancel
Showing results for 
Search instead for 
Did you mean: 
marcinw
Participant

2 Remote Access communities within the same SMS

Hi

 

Is it possible having 2 remote access communities for 2 different firewalls (that are already in the same Meshed VPN community as well) with the same list of users on the same SMS ? Even if possible , should I expect any possible issues ?

thanks

 

0 Kudos
8 Replies
the_rock
Champion
Champion

I do not believe that was ever possible...MAYBE at some point in R80.20 (I THINK), but it got removed right away. I am 99.99% sure you can have only 1 RA community.

Chris_Atkinson
Employee
Employee

It was a bug in the GUI at the time, see the previous discussion about this here:

https://community.checkpoint.com/t5/Remote-Access-VPN/Multiple-Remote-Access-Communities-GW-Version/...

0 Kudos
the_rock
Champion
Champion

Yes, thats the one I was looking for : - )

marcinw
Participant

ok, thank you , now if I add 2nd gateway to the same Remote Access community and they are  both  in the same VPN community already ? will there be any issues ?

0 Kudos
the_rock
Champion
Champion

I dont think it would be an issue, I see people doing it all the time...are you attempting to do MEP?

marcinw
Participant

no MEP, just second location with RA for the same group of users

0 Kudos
the_rock
Champion
Champion

I seen lots of customers use multiple gateways in RA community.

RS_Daniel
Advisor

Hello,

You need to put more details about what your requierements to get an accurate answer. I unserstand you want to manage these two gateways completely independent. In this case you need to disable secondary connect  and mep on both gateways, in this way you will be able to have as many gateways as you want on the community and will be able to configure encryption domains independently.

Solved: Disabling MEP - Check Point CheckMates

Remote Access Clients for Windows 32/64-bit E80.72 and Higher Administration Guide (checkpoint.com)

On remote access clients guide look for secondary connect configuration section, and change client decide and default options to False.

Regards