Hello everyone,
I created this post today to ask about the Site-to-Site VPN issue.
Product: Check Point Quantum Spark 1590 (SMB)
Environment: Agricultural (Farm) areas.
Central Management on Infinity Portal
These Farms are located in the highlands, so sudden power outages often occur. Despite this, the 1590 appliances at the Farms still function normally, except in one area:
- On a day like any other, after the "DakNong" Farm site had a power outage and the power came back on, the Firewall 1590 started up and we saw that the Site-to-Site VPN connection to the DataCenter was lost, even though we didn't change any configuration.
- Log when the connection is lost shows IKE failed:
- Using "fw ctl zdebug drop | grep" shows: "tunnel is not yet established"
- This problem usually occurs in this "DakNong" Farm area for about 1 - 2 months:
  + First time on "January 12, 2024"
  + Second time on "April 28, 2024"
  + Third time on "May 30, 2024"
- My solution is usually to upgrade the firmware & hotfix + reboot, and after rebooting, all connections are working again, VPN Tunnel to DC is active, and no more problems occur.
The configuration on the 1590 appliances in these areas is similar, using the same policy, VPN community, firmware version, etc. But why does only the 1590 appliance in the "DakNong" area have this problem?
Please can you give me an answer to this problem?
Every time an incident occurs I have to explain it to my boss, and my boss didn't agree with the explanation that the power outage led to problems with the appliance, because the other 1590 appliances in other areas also had power outages but operated normally.
Thanks & Best Regards.