Hey guys,
Just for my own sanity, though we already confirmed with the customer doing this caused the issue, but they were wondering if doing so, one can make it work? So essentially have SAME remote access enc domain for 2 clusters, one for on prem and one Azure?
I can't really see how that would work, but just wondering if it's even possible? If not, could they use same random subnets from large group already used for onprem to test Azure side or in order to use same one, it would need to be done during cutover window?
Tx as always!
Andy
For what it's worth, I even had it configured with 2 subnets from current RA group used on prem, but even that caused an issue, so now I'm really wondering how this can be tested before the actual cutover.
Andy
Hi @the_rock, using the same encryption domain on multiple gateways for remote access is possible. Normally this is called, and done with, MEP (Multiple Entry Point). You have to keep an eye on the return packets if you use MEP.
I don't know if this helps for your needs; maybe you have to describe this.
Hey @Wolfgang
Thanks for that. I see what you mean, though now we have to pause on this, since we don't want to cause customer more issues, as they heavily rely on remote access. I did end up opening a TAC case about it, so let's see what they say 🙂
Andy
I assume this is the link you meant?
Andy
@the_rock yes, that's it. We have customers using this as active/backup and others using load balancing to distribute the remote users between gateways. Works like a charm. With different IP pools for Office Mode on every gateway you are fine with the back routing to the endpoints. I always use some SAM rules (blocking HTTPS to the gateway) to test the failover to another gateway. With these SAM rules you can add and remove block rules quickly and you can skip the internal rules, because SAM rules are applied before them.
Thanks @Wolfgang
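The point in the reply above about separate Office Mode pools per gateway and return routing can be checked before a cutover with a short script. This is an added example, not part of the thread or any Check Point tooling; the gateway names, pools and internal route table are constructed sample values.

```python
import ipaddress

# Constructed sample data: gateway names, pools and routes are assumptions.
OFFICE_MODE_POOLS = {
    "onprem-cluster": "172.16.10.0/24",
    "azure-cluster": "172.16.20.0/24",
}
# Internal routing table as (prefix, next-hop gateway) pairs.
INTERNAL_ROUTES = [
    ("172.16.0.0/16", "onprem-cluster"),   # legacy summary route
    ("172.16.20.0/24", "azure-cluster"),   # more specific route for the Azure pool
]

def overlapping_pools(pools):
    """Return sorted pairs of gateways whose Office Mode pools overlap."""
    nets = {gw: ipaddress.ip_network(p) for gw, p in pools.items()}
    names = sorted(nets)
    return [(a, b) for i, a in enumerate(names) for b in names[i + 1:]
            if nets[a].overlaps(nets[b])]

def return_gateway(pool, routes):
    """Longest-prefix match over routes that fully cover the pool."""
    net = ipaddress.ip_network(pool)
    best = None
    for prefix, gw in routes:
        p = ipaddress.ip_network(prefix)
        if net.subnet_of(p) and (best is None or p.prefixlen > best[0].prefixlen):
            best = (p, gw)
    return best[1] if best else None

def check_design(pools, routes):
    """List the problems that would break return traffic to remote clients."""
    problems = [f"pools overlap: {a} and {b}" for a, b in overlapping_pools(pools)]
    for gw, pool in pools.items():
        owner = return_gateway(pool, routes)
        if owner != gw:
            problems.append(f"{pool} returns via {owner}, expected {gw}")
    return problems

if __name__ == "__main__":
    for line in check_design(OFFICE_MODE_POOLS, INTERNAL_ROUTES) or ["design OK"]:
        print(line)
```

Giving both gateways the same pool makes the check report both the overlap and the return path that lands on the wrong gateway.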