Multiple VTI tunnels with BGP to third party from Quantum Spark - no SmartConsole or Communities
Hi all,
Check Point noob here. Have been tasked with configuring a Spark 1570 running R81.10.10 - Build 945.
Requires:
Third party has 2 IPs so we need two tunnels.
BGP required, therefore VTI required.
I do not have access to SmartConsole (that I know of) or Communities (that I know of - is that an add-on product?)
I feel like the setup is going to be very similar to this:
I used the above guide to set up the tunnels successfully in Gaia, but I don't have access to the SmartConsole to configure the Interoperable device (it is not an object type in the Gaia GUI). I created a normal host object instead - don't know if that's going to work.
I don't have Communities apparently with the license for this device, so I cannot set up the communities part. Can that portion be set up using the Gaia command line?
Am I going to have to figure out how to add a license to use Communities? Feeling very ignorant at the moment.
Thanks.
Accepted Solutions
VPN Communities and Interoperable Objects are only relevant when managed with a Smart-1, which is not the case for a locally managed device.
You can set up VTIs in Device > Network > Local Network > New > VPN Tunnel (VTIs).
You can set up the peer in VPN > Site to Site > VPN Sites.
Was able to engage Check Point support. It turns out that in our case, to use the redundant tunnels we need to use MEP, which can be used with DPD instead of RDP (Check Point proprietary). However, using MEP with our device requires a centrally managed system like SmartConsole. We are going to work with the third party to just use a single tunnel. 😞
You use a locally managed Spark 1570 running R81.10.10, so you have no SmartConsole and only Embedded GAiA.
Documentation:
Better look here for VPN with AWS: sk111733: How to configure Site-to-Site VPN between Amazon Web Services and locally managed SMB appl...
Besides: Can we move this post to Spark/SMB, @PhoneBoy , @_Val_ ?