- Products
- Learn
- Local User Groups
- Partners
- More
On-Premise SD-WAN Management
Register HereWhat's New in R82.10?
Watch Here AI Security Masters E8:
Claude Mythos: New Era in Cyber Security
CheckMates Go:
The Moment Before
Hi,
I spotted strange issue that we have in our environment (R81.10, JHF 139), however I'm not able to find the solution/explanation.
Here is the outcome of the routing table when I'm connected to our VPN with Check Point Mobile:
Here is the same, but for Check Point SSL connection over the browser:
As you can see, for the Check Point Mobile connection, IP 10.2.0.5 is missing, and whole 10.2.0.0/16 network is split into segments. Additionally IPs of all Firewalls Clusters with Mobile blade active is missing (IPs of cluster members are fine).
Do you have any idea what is the reason for this behavior?
Best regards,
Kamil
We find a solution during call with CP support. Policy source for one of FW was set to "Legacy Policy". Somehow it was impacting other FWs with VPN blade (probably because of the same encryption domain used for all VPN entry points).
Anyhow - problem for my case can be solved by changing Policy Source to Unified, or by using different encryption domain for firewall with Legacy Policy Source.
Hey Kamil,
I remember similar issue with customer few years ago and if I recall right, it had to do with the rules configured. I will see if I can find notes about it.
Andy
For the context, there should be an entry in the routing table for subnet like below (depending what your OM mode subnet is)
What I blur out is DG for it, which should be UPSTREAM router IP
Andy
Thanks, I will check it.
100% you should check it mate AND also, make sure NAT is enabled on it in smart console, as per below.
Andy
Please check the end user's IP address without VPN.
If their local IP is in the encryption domain, you'll see routes like that.
It's expected behavior.
We find a solution during call with CP support. Policy source for one of FW was set to "Legacy Policy". Somehow it was impacting other FWs with VPN blade (probably because of the same encryption domain used for all VPN entry points).
Anyhow - problem for my case can be solved by changing Policy Source to Unified, or by using different encryption domain for firewall with Legacy Policy Source.
Good to know!
Leaderboard
Epsum factorial non deposit quid pro quo hic escorol.
| User | Count |
|---|---|
| 24 | |
| 5 | |
| 3 | |
| 2 | |
| 2 | |
| 1 | |
| 1 | |
| 1 |
Tue 28 Jul 2026 @ 11:00 AM (EDT)
Under the Hood - Check Point and Illumio – Modern Network Defense Against AI-Based ThreatsThu 30 Jul 2026 @ 10:00 AM (PDT)
AI Security Masters E12: READY OR NOT: Securing the AI Enterprise 4/5 - AI GatewayThu 20 Aug 2026 @ 10:00 AM (PDT)
AI Security Masters E13: READY OR NOT: Securing the AI Ent 5/5 - AI Research & Threat LandscapeTue 28 Jul 2026 @ 11:00 AM (EDT)
Under the Hood - Check Point and Illumio – Modern Network Defense Against AI-Based ThreatsThu 30 Jul 2026 @ 10:00 AM (PDT)
AI Security Masters E12: READY OR NOT: Securing the AI Enterprise 4/5 - AI GatewayThu 20 Aug 2026 @ 10:00 AM (PDT)
AI Security Masters E13: READY OR NOT: Securing the AI Ent 5/5 - AI Research & Threat LandscapeAbout CheckMates
Learn Check Point
Advanced Learning
YOU DESERVE THE BEST SECURITY