Brad135631
Explorer

CloudGuard Azure - Remote Access Disconnecting within 20secs

Afternoon,

I'm fairly new to CP and setting up a POC for migrating our on-prem to Azure. I've been playing with RemoteVPN and OfficeMode and set it up along with Azure SSO. But I'm getting some strange issues...

If I configure IPSEC VPN > Link Selection to Calculate Base on Topology - I can VPN in successfully and access stuff.

However, when I disconnect and reconnect, the Endpoint security gateway address changes to 10.0.0.4 (eth0), and I am thus unable to reconnect.

I tried to change to Statically NAT IP with the external IP which Azure NATs to 10.0.0.4.  I can connect successfully but then I get in a reconnect loop every 15s. 

I've been going through a bunch of docs and am struggling to find an answer.

CP instance has been deployed from the marketplace.

Has anyone ever come across this before?

Thanks,

Brad

 

 


Accepted Solutions
PhoneBoy
Admin

You need to change the Link Selection settings, which default to the Main IP of the object, which is likely private.
See: https://sc1.checkpoint.com/documents/RemoteAccessClients_forWindows_AdminGuide/Content/Topics-RA-VPN... 

To force the client to use a specific FQDN (because the public IP may change): https://support.checkpoint.com/results/sk/sk103440 

the_rock
MVP Diamond

That's exactly what you need to do, what @PhoneBoy said. I had to follow the same sk for 3 customers in the past.

Best,
Andy
"Have a great day and if its not, change it"
Sameer_Basha
Employee

I faced a similar issue when I used link selection as statically NATted IP address. I observed tunnel tests were getting dropped and I am seeing the statically NATted IP address in the logs. The error was "According to the policy the packet should not have been decrypted". By logic this IP address should not appear in the logs, as Azure should NAT all traffic on this IP address to the private VIP IP address on the frontend.

To resolve the problem I added the NAT IP address to the encryption domain of the remote access VPN. The disconnection stopped and I started seeing the tunnel tests to the correct IP address.

My environment is on R82 Take 60. 
