Hi Team.
I have one SMS and two RA GWs. The first RA GW is configured to send only the needed subnets into the VPN tunnel; other traffic is sent to the local ISP. The second GW is configured to send all traffic into the VPN tunnel and exclude some subnets to the local ISP.
But now I have a problem: when users connect to the first GW, they receive the routes that are configured on the second GW. But the 1st GW has the correct VPN Domain configured, and users must receive routes to the VPN tunnel for some subnets.
By design, when you “add new site” you get information about all VPN gateways managed by the same SMS.
Version/JHF level along with a diagram of what you’re trying to achieve will help tremendously.
Version: R81.10 Take 150.
I installed two different RA GWs and disabled MEP.
I want that when users connect to the first RA GW, only office subnets are routed to the VPN tunnel and other traffic goes through the local ISP.
And when users connect to the second RA GW, all traffic is routed to the VPN.
Now when a user connects to the first RA VPN, all traffic is routed to the VPN and the VPN Domains for this GW are ignored.
I configured different VPN Domains.
The subnets that need to be routed on the first and second RA GW overlap, because the second RA GW routes all traffic to the VPN.
Is it possible, using one SMS, to have two different rules for RA VPN?
There's an SK that covers this specific scenario: https://support.checkpoint.com/results/sk/sk111995
Interesting...never recall having to follow this sk before.
Andy
I think if you read the link below, it will clear certain things up. Especially the section that talks about IMPLICIT MEP...
Andy
I read this. MEP is disabled.
So please answer this question... how are the enc domains configured? Are they overlapping, or do they have separate subnets/groups? This info is IMPORTANT.
Andy
In such a case, the document says to follow the ttm file to be manual, i.e. domains are NOT overlapping, which they are not in your case. I had done this for customers before and we followed exactly what it shows in the link I sent you, no issues.
Andy
I am not sure that I understood.
Now I have this config in the ttm file:
automatic_mep_topology - false
mep_mode - dns_based
enable_gw_resolving - true
And nothing worked.
I will check in the morning, as I have this working in the lab. Make sure to follow all the steps from that document, it works 100%.
Andy
The problem was solved by removing MEP in the file trac.defaults. Disabling MEP from the GW side did not work.
That's what the document was indicating as well.
The document indicates the GW side (need to edit a file on the GW); I removed it on the client side (edited the client file).
Never had to do that myself...what are versions of the gw/client?
Andy
GW - R81.10 Take 150, Client 88.30 and 86.50
Done it with those versions, NEVER have I had to modify anything on the client side.
 
					
				
				
			
		