Create a Post
cancel
Showing results for 
Search instead for 
Did you mean: 
Nucleo
Participant
Jump to solution

Checkpoint 1570 Site to Site VPN with Sonicwall Not Working with Hostnames

Dear All,

 

I am having issue with my Checkpoint SMB 1570 when creating site to site with Sonicwall.

 

My Sonicwall has DYNAMIC WAN. When i key in the IP address, the site to site will be active and no issue but when i change to hostname with Dynamic DNS the tunnel will change to not yet initialised and give me a weird IP address on the VPN tunnel page.

 

Let me know what i did wrong.

 

Thank you.

0 Kudos
1 Solution

Accepted Solutions
PhoneBoy
Admin
Admin

Did you configure things similar to: https://support.checkpoint.com/results/sk/sk112213?
I realize the remote end is Sonicwall, but the settings on your end should be similar.
Otherwise, please provide screenshots of precisely what you've configured (sensitive details redacted).

View solution in original post

19 Replies
PhoneBoy
Admin
Admin

Did you configure things similar to: https://support.checkpoint.com/results/sk/sk112213?
I realize the remote end is Sonicwall, but the settings on your end should be similar.
Otherwise, please provide screenshots of precisely what you've configured (sensitive details redacted).

the_rock
Legend
Legend

Isnt this same thing you posted yesterday?

https://community.checkpoint.com/t5/General-Topics/Checkpoint-1570-Site-to-Site-VPN-with-Sonicwall-N...

By the way, you need to follow the guide to configure this with the cert, as per link Chris and I gave you. Also, link @PhoneBoy provided is literally same screenshots, was probably written of the community link. Either way, thats what you HAVE TO follow to make this work, otherwise, it will never work with PSK. 

Andy

0 Kudos
PhoneBoy
Admin
Admin

Yes it was and I merged the threads. 🙂

0 Kudos
the_rock
Legend
Legend

Hm...does not sound like thats something you can control on CP side. I had seen sonicwall GUI once in my life and it confused the bejesus out of me : - ). But, based on last thing you said, it makes sense why this happens, as CP would never recognize the new IP address once it changes.

0 Kudos
Nucleo
Participant

The issue is happening on CP 1570 side.

 

The sonicwall has no issue accepting hostname.

0 Kudos
the_rock
Legend
Legend

Maybe simple diagram would help. Sorry, but Im not understanding how issue can be on CP side. On Check Point, if it happens to use dynamic IP, then you set up S2S with certificate, otherwise it would never work. If its static IP, then you configure it as you normally would. 

0 Kudos
Chris_Atkinson
Employee Employee
Employee

What authentication method are you using for the VPN/tunnel?

CCSM R77/R80/ELITE
0 Kudos
Nucleo
Participant

Im using Preshared key.

0 Kudos
the_rock
Legend
Legend

Thats never gonna work with dynamic IP.

Nucleo
Participant

I see okay can share me any link that can help me setup the S2S with certificate with Sonicwall?

 

0 Kudos
the_rock
Legend
Legend

In my humble opinion,  WAY BETTER than any official guide you will find.

Hope it helps.

Andy

 

https://community.checkpoint.com/t5/Security-Gateways/HowTo-Set-Up-Certificate-Based-VPNs-with-Check...

Chris_Atkinson
Employee Employee
Employee

Per sk167473:

FAQ.png

CCSM R77/R80/ELITE
G_W_Albrecht
Legend Legend
Legend

sk167473 is not available anymore - or has it been replaced by another SK ?

 
kind regards,
 
-- 
Guenther Albrecht
CCSE CCTE CCME CCSM Elite SMB Specialist
Arrow ECS GmbH  A-1100 Wien, Wienerbergstrasse 11
Tel: +43 1 370 94 40 325                     Fax: +43 1 370 94 40-333
CCSP - CCSE / CCTE / CTPS / CCME / CCSM Elite / SMB Specialist
0 Kudos
the_rock
Legend
Legend
0 Kudos
G_W_Albrecht
Legend Legend
Legend

I see - i can not find it using search, but https://support.checkpoint.com/results/sk/sk167473 works - strange, i gave feedback to it...

CCSP - CCSE / CCTE / CTPS / CCME / CCSM Elite / SMB Specialist
0 Kudos
the_rock
Legend
Legend

Not sure what to tell you mate...for me, works no matter what sk I search.

Andy

0 Kudos
G_W_Albrecht
Legend Legend
Legend

NOw it does that also for me again - strange issue...

CCSP - CCSE / CCTE / CTPS / CCME / CCSM Elite / SMB Specialist
0 Kudos
the_rock
Legend
Legend

Just tested, fine for me.

Andy

0 Kudos
PhoneBoy
Admin
Admin

Seems like we had some issues with searches in general with SupportCenter over the last couple days.
I believe these have been resolved now.

0 Kudos

Leaderboard

Epsum factorial non deposit quid pro quo hic escorol.

Upcoming Events

    CheckMates Events