How do I connect my branch office to the cloud using the Harmony Connect Branch office option?
Hi Team,
I am setting up the Harmony Connect Branch office option. My DC range is 192.168.15.0/24 and the branch is 10.124.1.0/24.
I set up two VPNs from my branch, and the rest of the settings were configured successfully on the Portal.
I have a few doubts though:
- I am still wondering what my local and remote encryption domains should be on the branch-end routes while setting up the tunnel?
- I have configured the tunnel with 192.168.15.0/24 and local prefix as 10.124.1.0/24.
- I can ping the remote IP as suggested on the portal.
- However, I am not able to reach my servers on 192.168.15.0/24.
Am I doing anything wrong?
Blason R
CCSA,CCSE,CCCS
What device is the branch office using out of interest?
That's a generic router or Vyatta device. My IPsec is connected successfully without any issues.
Blason R
CCSA,CCSE,CCCS
Hi,
The main issue with Harmony Connect is the connection to the DC. Even though you have an IPsec tunnel to the DC, you will not be able to route everything over the tunnel; you need to use defined applications... And these applications are limited to HTTP/s, RDP and SSH... and a few more. Go look at the "Assets" and "Application sites": the application site is pretty much your datacenter, and then you need to add applications to it...
You would think that the clients would be able to reach the DC IP addresses, but this is not possible. I spent hours figuring this out, and when asking Check Point when we would be able to tunnel all traffic over to the on-prem DC, they told me Q4 2021, but that did not happen. Now they are saying Q4 2022, but I have still not seen a roadmap that verifies this.
Harmony Connect is pretty much useless if you ask me 🙂 ... That is maybe a bit harsh, but... yeah : )