This website uses Cookies. Click Accept to agree to our website's cookie use as described in our Privacy Policy. Click Preferences to customize your cookie settings.
Accept
Reject
Preferences
ABOUT CHECKMATES CYBER SECURITY COMMUNITY & FAQ
Create a Post
Help
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

Are you a member of CheckMates?

×
Sign in with your Check Point UserCenter/PartnerMap account to access more great content and get a chance to win some Apple AirPods! If you don't have an account, create one now for free!
Moudar
Advisor
‎2024-06-20 02:05 AM

Domain VPN and route VPN

Hi

In S2S admin guide it says:

route-vs-domain.JPG

If I have several groups within my VPN domain used by different communities, all utilizing domain-based VPN, what will happen to those communities if I create a new community for route-based VPN and add an empty group to the VPN domain?

 

What does the yellow marked text mean?

route-vs-domain1.JPG

0 Kudos
3 Replies
796570686578
Collaborator
‎2024-06-20 03:56 AM

In the Gateway Settings you can define an Encryption Domain that will be used by every community per default. So whenever you create a new community, this encryption domain will be used.

But since recently(like like 2 years ago or so I think?) you can define alternative encryption domains for every community in Smart Console. And this is also what you need to do for Route-Based Tunnels. So you don't change the Encryption Domain in the Gateway Object directly(this would override the encryption domain of EVERY tunnel, which you don't want) but rather in the community settings like you showed by clicking on that "pencil icon". Then you can choose to use the "default" encryption domain or a custom one only specific to this tunnel.

 

What does the yellow marked text mean?

It just means that for this tunnel, it will use your "custom" domain and not the default encryption domain according to the gateway settings. You don't have to worry about your other tunnels 🙂

 

 

0 Kudos
Moudar
Advisor
‎2024-06-20 06:42 AM
In response to 796570686578

I am getting "VPN failed to resolve Gateway IP address" and it is a SMB gateway with dynamic IP

I have configured VTI on both sides, bot when trying to ping I get this: "VPN failed to resolve Gateway IP address"

0 Kudos
PhoneBoy
Admin
Admin
‎2024-06-20 12:49 PM
In response to Moudar

How are the Link Selection settings set in the relevant gateway objects?
Is this related to IPv6?
See: https://support.checkpoint.com/results/sk/sk132332

0 Kudos

Leaderboard

Epsum factorial non deposit quid pro quo hic escorol.

View All ≫
Upcoming Events

    Sort by:
    CheckMates Events