Dear Members,
Currently, I have a Site-to-Site VPN connecting the HQ site, which utilizes a Checkpoint Quantum Spark 1550 appliance, to the Branch site,which employs a Palo Alto 220. Phase 1 lifetime set 8 hour in both and Phase 2 lifetime set 1 hour in both firewalls.
The tunnel is up and running, but during a recent blackout at the HQ site that lasted for an hour, the VPN tunnel went down. Once power was restored, the VPN tunnel reestablished itself. However, a new problem emerged - after a few minutes, the tunnel began going down and up frequently.
To address this issue, I attempted to clean both Phase 1 and Phase 2 from the HQ site (using Checkpoint) by using the CLI command "vpn tunnelutil 0." After executing this command, the tunnel remained stable for the entire day.
I am uncertain whether this is beyond my knowledge of both firewalls for troubleshooting. The UDP timeout session for both firewalls is set to 30 seconds. How can I resolve these issues without resorting to running the CLI command "vpn tunnelutil 0"? This is crucial as blackouts occur four times a day in our country.
Please, could you kindly help me with these issues?
Is SMB locally or centrally managed? I would also contact TAC for this, but maybe before you do, upgrade SMB appliance to the latest firmware, as Im sure that will be siggested.
Make sure in smart console, when you go to blobal properties -> advanced -> configure -> vpn -> ike, keep ike SAs is enabled
I would also check below
Best,
Andy
Dear The Rock,
It's locally managed and current version is latest.
As I understand it, Tunnel Health Monitoring, specifically the 'Tunnel Test' (Checkpoint Proprietary), is employed when both sides of the firewall are Checkpoint. My current design, however, involves a connection from Checkpoint to Palo Alto. Is my understanding correct, and is this why I am utilizing the 'Tunnel Test'?
Should i also contact TCA for this?
| User | Count |
|---|---|
| 4 | |
| 4 | |
| 2 | |
| 1 | |
| 1 | |
| 1 | |
| 1 | |
| 1 | |
| 1 | |
| 1 |
Tue 05 Nov 2024 @ 10:00 AM (CET)
EMEA CM LIVE: 30 Years for the CISSP certification - why it is still on topTue 05 Nov 2024 @ 05:00 PM (CET)
Americas CM LIVE: - 30 Years for the CISSP certification - why it is still on topThu 07 Nov 2024 @ 05:00 PM (CET)
What's New in CloudGuard - Priorities, Trends and Roadmap InnovationsTue 05 Nov 2024 @ 10:00 AM (CET)
EMEA CM LIVE: 30 Years for the CISSP certification - why it is still on topTue 05 Nov 2024 @ 05:00 PM (CET)
Americas CM LIVE: - 30 Years for the CISSP certification - why it is still on topTue 12 Nov 2024 @ 03:00 PM (AEDT)
No Suits, No Ties: From Calm to Chaos: the sudden impact of ransomware and its effects (APAC)Tue 12 Nov 2024 @ 10:00 AM (CET)
No Suits, No Ties: From Calm to Chaos: the sudden impact of ransomware and its effects (EMEA)Tue 19 Nov 2024 @ 12:00 PM (MST)
Salt Lake City: Infinity External Risk Management and Harmony SaaSWed 20 Nov 2024 @ 02:00 PM (MST)
Denver South: Infinity External Risk Management and Harmony SaaS
