Hello the_rock.

The configuration I'm referring to is the one below.

One of the requirements for configuring VTI is that we use gateway pair configuration.

My apologies, I cant seem to find that in demo I spun up, but will check again. So you are saying thats global option?

Andy

Yes, it is a global configuration.

I need to find a way to do this configuration on each VPN site. Some VPNs will have a subnet pair and others will have a gateway pair.

So sorry I dont have access to real smb device to test : - (. Is there any setting on specific vpn tunnel that would let you change it or this is the only place?

Andy

This is exactly what I'm looking for. It seems to me that there is only this global configuration.

Got it. Are you allowed to do remote? I really want to try and help with this, because I have a gut feeling might be possible.

Andy

Unfortunately, our internal policy does not allow this.

Understood. So, if you edit any given vpn tunnel, you dont see option to change this individually at all?

Andy

Correct, I don't see any option to change this individually.

If this option exists, it must be within some configuration file in the shell.

Maybe SMB master @G_W_Albrecht might know? Otherwise, I would recommend asking TAC via official case. I will keep checking in the meantime, just bit tricky with demo, as I cant seem to get RDP to open in full screen.

Andy

I just created bogus tunnel and sadly, cant see option anywhere in the settings similar to below in smart console community.

Andy

The checkpoint instructed me to configure the unnumbered VTI.

https://support.checkpoint.com/results/sk/sk121740

Thats fine, but not sure if that really addresses your issue specifically?

Andy

Though, now that I read that sk again @Marquevis , appears it should help, since its related to individual vpn tunnel.

Andy