This website uses Cookies. Click Accept to agree to our website's cookie use as described in our Privacy Policy. Click Preferences to customize your cookie settings.
Accept
Reject
Preferences
ABOUT CHECKMATES CYBER SECURITY COMMUNITY & FAQ
Create a Post
Help
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

Are you a member of CheckMates?

×
Sign in with your Check Point UserCenter/PartnerMap account to access more great content and get a chance to win some Apple AirPods! If you don't have an account, create one now for free!
ITSOU-SVC
Explorer
‎2024-09-27 08:42 AM
Jump to solution

Multiple VTI tunnels with BGP to third party from Quantum Spark - no SmartConsole or Communities

Hi all,

Checkpoint Noob here.  Have been tasked with configuring a Spark 1570 running R81.10.10 - Build 945.

Requires:

Third party has 2 IPs so we need two tunnels.

BGP required, therefore VTI required.

I do not have access to SmartConsole (that I know of) or Communities (that I know of - is that an add-on product?)

I feel like the setup is going to be very similar to this:

https://support.checkpoint.com/results/sk/sk108958?source=sf&permanentid=baa13175f30b7728dd338ab071c...

I used the above guide to setup the tunnels successfully in Gaia but I don't have access to the SmartConsole to configure the Interoperable device (is not a object type in Gaia GUI).  I created a normal host object instead - don't know if that's going to work.

I don't have Communities apparently with the license for this device so I cannot setup the communities part. Can that portion be setup using Gaia command line?  

Am I going to have to figure out how to add a license to use Communities?  Feeling very ignorant at the moment.

Thanks.

 

0 Kudos
2 Solutions

Accepted Solutions
PhoneBoy
Admin
Admin
‎2024-09-30 07:11 AM
Jump to solution

VPN Communities and Interoperable Objects are only relevant when managed with a Smart-1, which is not the case for a locally managed device.
You can set up VTIs in Device > Network > Local Network > New > VPN Tunnel (VTIs).
You can set up the peer in VPN > Site to Site > VPN Sites.

View solution in original post

0 Kudos
ITSOU-SVC
Explorer
‎2024-10-03 01:14 PM
In response to G_W_Albrecht
Jump to solution

Was able to engage Check Point support. It turns out that in our case to use the redundant tunnels we need to use MEP, which can be used with DPD instead of RDP (Check Point proprietary), however, to use MEP with our device requires centrally managed system like SmartConsole.  We are going to work with the third party to just use a single tunnel. 😞

View solution in original post

0 Kudos
3 Replies
G_W_Albrecht
MVP Silver
MVP Silver
‎2024-09-30 12:32 AM
Jump to solution

You use a loclly managed Spark 1570 running R81.10.10, so you have no SmartConsole and only Embedded GAiA.

Documentation:

 

Better look here for VPN with AWS:  sk111733: How to configure Site-to-Site VPN between Amazon Web Services and locally managed SMB appl...

Besides: Can we move this post to Spark/SMB, @PhoneBoy , @_Val_ ?

CCSP - CCSE / CCTE / CTPS / CCME / CCSM Elite / SMB Specialist
0 Kudos
ITSOU-SVC
Explorer
‎2024-10-03 01:14 PM
In response to G_W_Albrecht
Jump to solution

Was able to engage Check Point support. It turns out that in our case to use the redundant tunnels we need to use MEP, which can be used with DPD instead of RDP (Check Point proprietary), however, to use MEP with our device requires centrally managed system like SmartConsole.  We are going to work with the third party to just use a single tunnel. 😞

0 Kudos
PhoneBoy
Admin
Admin
‎2024-09-30 07:11 AM
Jump to solution

VPN Communities and Interoperable Objects are only relevant when managed with a Smart-1, which is not the case for a locally managed device.
You can set up VTIs in Device > Network > Local Network > New > VPN Tunnel (VTIs).
You can set up the peer in VPN > Site to Site > VPN Sites.

0 Kudos

Leaderboard

Epsum factorial non deposit quid pro quo hic escorol.

View All ≫
Upcoming Events

    CheckMates Events