Dear Members,
Currently, I have a Site-to-Site VPN connecting the HQ site, which utilizes a Checkpoint Quantum Spark 1550 appliance, to the Branch site,which employs a Palo Alto 220. Phase 1 lifetime set 8 hour in both and Phase 2 lifetime set 1 hour in both firewalls.
The tunnel is up and running, but during a recent blackout at the HQ site that lasted for an hour, the VPN tunnel went down. Once power was restored, the VPN tunnel reestablished itself. However, a new problem emerged - after a few minutes, the tunnel began going down and up frequently.
To address this issue, I attempted to clean both Phase 1 and Phase 2 from the HQ site (using Checkpoint) by using the CLI command "vpn tunnelutil 0." After executing this command, the tunnel remained stable for the entire day.
I am uncertain whether this is beyond my knowledge of both firewalls for troubleshooting. The UDP timeout session for both firewalls is set to 30 seconds. How can I resolve these issues without resorting to running the CLI command "vpn tunnelutil 0"? This is crucial as blackouts occur four times a day in our country.
Please, could you kindly help me with these issues?
Is SMB locally or centrally managed? I would also contact TAC for this, but maybe before you do, upgrade SMB appliance to the latest firmware, as Im sure that will be siggested.
Make sure in smart console, when you go to blobal properties -> advanced -> configure -> vpn -> ike, keep ike SAs is enabled
I would also check below
Best,
Andy
Dear The Rock,
It's locally managed and current version is latest.
As I understand it, Tunnel Health Monitoring, specifically the 'Tunnel Test' (Checkpoint Proprietary), is employed when both sides of the firewall are Checkpoint. My current design, however, involves a connection from Checkpoint to Palo Alto. Is my understanding correct, and is this why I am utilizing the 'Tunnel Test'?
Should i also contact TCA for this?
Mon 25 Nov 2024 @ 02:00 PM (EST)
(Americas) AI Series Part 3: Maximizing AI to Drive Growth and EfficiencyTue 26 Nov 2024 @ 10:00 AM (CET)
EMEA Session: Automated Collaborative Prevention with 3rd Party Endpoint SolutionsTue 26 Nov 2024 @ 03:00 PM (CET)
Navigating NIS2: Practical Steps for Aligning Security and ComplianceTue 26 Nov 2024 @ 05:00 PM (CET)
Discover the Future of Cyber Security: What’s New in Check Point’s Quantum R82Tue 03 Dec 2024 @ 10:00 AM (GMT)
UK Community CNAPP Training Day 1: Cloud Risk Management WorkshopTue 03 Dec 2024 @ 05:00 PM (CET)
Americas CM Session: Automated Collaborative Prevention with 3rd Party Endpoint SolutionsMon 25 Nov 2024 @ 02:00 PM (EST)
(Americas) AI Series Part 3: Maximizing AI to Drive Growth and EfficiencyTue 26 Nov 2024 @ 10:00 AM (CET)
EMEA Session: Automated Collaborative Prevention with 3rd Party Endpoint SolutionsTue 26 Nov 2024 @ 03:00 PM (CET)
Navigating NIS2: Practical Steps for Aligning Security and ComplianceTue 26 Nov 2024 @ 05:00 PM (CET)
Discover the Future of Cyber Security: What’s New in Check Point’s Quantum R82Tue 03 Dec 2024 @ 05:00 PM (CET)
Americas CM Session: Automated Collaborative Prevention with 3rd Party Endpoint SolutionsTue 03 Dec 2024 @ 10:00 AM (GMT)
UK Community CNAPP Training Day 1: Cloud Risk Management WorkshopWed 04 Dec 2024 @ 10:00 AM (GMT)
UK Community CNAPP Training Day 2: Cloud Risk Management Workshop
