This website uses Cookies. Click Accept to agree to our website's cookie use as described in our Privacy Policy. Click Preferences to customize your cookie settings.
Accept
Reject
Preferences
ABOUT CHECKMATES CYBER SECURITY COMMUNITY & FAQ
Create a Post
Help
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

Are you a member of CheckMates?

×
Sign in with your Check Point UserCenter/PartnerMap account to access more great content and get a chance to win some Apple AirPods! If you don't have an account, create one now for free!
ibrown
Contributor
‎2024-10-17 04:55 AM
Jump to solution

Backup over vpn

Hello Everyone,

odd question this, but I've not found a solution as yet.  I have several Quantum spark appliances around the world in branch offices, connected to the main office via vpn.

 

I schedule periodic backups but these come out via the external (ie primary) interface address and don't decrypt and route correctly at the main office end. Is there a way to force an interface for the ftp traffic ?

 

Currently I send to an externally facing SFTP server, but ideally I'd come via the vpn.

 

Any thoughts ?

 

Thanks

Ian

0 Kudos
2 Solutions

Accepted Solutions
Chris_Atkinson
MVP Platinum CHKP MVP Platinum CHKP
MVP Platinum CHKP
‎2024-10-17 05:30 AM
Jump to solution

Locally or centrally managed?

In advanced settings there is an option to source locally generated traffic from the internal address as an option.

"Use Internal IP address for encrypted communications from the local gateway"

Other options exist but may add unnecessary complexity in configuration 

CCSM R77/R80/ELITE

View solution in original post

PhoneBoy
Admin
Admin
‎2024-10-17 11:05 AM
In response to ibrown
Jump to solution

The procedure is different for centrally managed SMB appliances: https://support.checkpoint.com/results/sk/sk119415 

View solution in original post

7 Replies
Chris_Atkinson
MVP Platinum CHKP MVP Platinum CHKP
MVP Platinum CHKP
‎2024-10-17 05:30 AM
Jump to solution

Locally or centrally managed?

In advanced settings there is an option to source locally generated traffic from the internal address as an option.

"Use Internal IP address for encrypted communications from the local gateway"

Other options exist but may add unnecessary complexity in configuration 

CCSM R77/R80/ELITE
ibrown
Contributor
‎2024-10-17 05:43 AM
In response to Chris_Atkinson
Jump to solution

Hi Chris, this is a spark 1570 R81.10.08, and centrally managed. However the only option in advanced I can see is '
DHCP relay - Use internal IP addresses as source'

0 Kudos
PhoneBoy
Admin
Admin
‎2024-10-17 11:05 AM
In response to ibrown
Jump to solution

The procedure is different for centrally managed SMB appliances: https://support.checkpoint.com/results/sk/sk119415 

ibrown
Contributor
‎2024-10-18 03:25 AM
In response to PhoneBoy
Jump to solution

Brilliant thank you ! Tested and works

0 Kudos
ibrown
Contributor
‎2024-10-21 02:14 AM
In response to ibrown
Jump to solution

Anyone know if this is possible on a 3000 appliance ?

I have three 3200s running R81.20 - Build 011

They are centrally managed so the setting is not available and the kernel setting does not seem available

Set operation failed: failed to get parameter fw_enc_conns_use_internal
set: Operation failed
/bin/cpfw_start: line 12: 29398 Killed $FWDIR/bin/fw "$@"

0 Kudos
PhoneBoy
Admin
Admin
‎2024-10-21 10:12 AM
In response to ibrown
Jump to solution

This is specific to SMB.
I don't believe it has an equivalent on regular gateway but perhaps a specific NAT rule will achieve the desired result?

0 Kudos
ibrown
Contributor
‎2024-11-04 07:33 AM
In response to PhoneBoy
Jump to solution

Thank you, I shall try that.

 

0 Kudos

Leaderboard

Epsum factorial non deposit quid pro quo hic escorol.

View All ≫
Upcoming Events

    CheckMates Events