
vpn warning: VPN-1 has reached its tunnel capacity

Hi All,

One of our decentralized firewall clusters (type 1180) gives the following info:

vpn warning: VPN-1 has reached its tunnel capacity

It's part of a VPN Star Community with our central gateways (12000) R77.30

Increasing the Optimizations on the Cluster Object for:

  • Maximum concurrent IKE negotiations

doesn't solve the problem.

We have other decentralized firewall clusters (also type 1180) that do not have this problem.

Does anyone know what it means and how to solve this? How can I debug it?

Regards,

Ray

1 Reply

Your VPN Tunnel Sharing setting under Advanced Properties in the VPN Community is probably set to "pair of hosts", which creates a unique Phase 2 IPsec tunnel for every possible combination of hosts that try to use the VPN. "Pair of subnets" is more appropriate; if that is already selected, consider the "one tunnel per gateway pair" setting. Be careful changing this setting, though, as it can have a wide impact on VPN connectivity; best to do it during a maintenance window.

--
My book "Max Power: Check Point Firewall Performance Optimization"
now available via http://maxpowerfirewalls.com.

Book "Max Power 2020: Check Point Firewall Performance Optimization" Third Edition
Now Available at www.maxpowerfirewalls.com
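The effect of the three VPN Tunnel Sharing settings described in the reply, as an added example that is not part of the original thread and not Check Point code: a simplified model that counts the Phase 2 tunnels one direction of branch-to-center traffic needs in each mode. The subnets, addresses and the helpers `subnet_of`, `tunnel_counts` and `sample_flows` are constructed assumptions.

```python
"""Added example: count Phase 2 tunnels per VPN Tunnel Sharing mode."""
from ipaddress import ip_address, ip_network

# Constructed encryption domains (assumptions, not from the thread).
BRANCH_NETS = [ip_network("10.20.1.0/24"), ip_network("10.20.2.0/24")]
CENTER_NETS = [ip_network("10.1.0.0/16"), ip_network("10.2.0.0/16")]


def subnet_of(addr, nets):
    """Return the encryption-domain subnet containing addr, or None."""
    ip = ip_address(addr)
    return next((n for n in nets if ip in n), None)


def tunnel_counts(flows, branch_nets=BRANCH_NETS, center_nets=CENTER_NETS):
    """Count distinct Phase 2 tunnels the flows need in each sharing mode."""
    hosts, subnets = set(), set()
    for src, dst in flows:
        s_net = subnet_of(src, branch_nets)
        d_net = subnet_of(dst, center_nets)
        if s_net is None or d_net is None:
            continue  # outside the encryption domains: not sent over the VPN
        hosts.add((src, dst))        # one tunnel per host pair
        subnets.add((s_net, d_net))  # one tunnel per subnet pair
    return {
        "pair of hosts": len(hosts),
        "pair of subnets": len(subnets),
        "one tunnel per gateway pair": 1 if hosts else 0,
    }


def sample_flows():
    """Constructed traffic: 40 clients per branch subnet, 5 servers per central net."""
    clients = [f"10.20.{net}.{h}" for net in (1, 2) for h in range(10, 50)]
    servers = [f"10.{net}.0.{h}" for net in (1, 2) for h in range(1, 6)]
    flows = [(c, s) for c in clients for s in servers]
    flows.append(("192.168.9.9", "10.1.0.1"))  # source not in the branch domain
    return flows


if __name__ == "__main__":
    for mode, count in tunnel_counts(sample_flows()).items():
        print(f"{mode:30s} {count}")
```

With this constructed traffic the same 80 clients and 10 servers need 800 tunnels per host pair, 4 per subnet pair, and 1 per gateway pair.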