This website uses Cookies. Click Accept to agree to our website's cookie use as described in our Privacy Policy. Click Preferences to customize your cookie settings.
Accept
Reject
Preferences
ABOUT CHECKMATES CYBER SECURITY COMMUNITY & FAQ
Create a Post
Help
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

Are you a member of CheckMates?

×
Sign in with your Check Point UserCenter/PartnerMap account to access more great content and get a chance to win some Apple AirPods! If you don't have an account, create one now for free!
Marquevis
Contributor
Tuesday

VPN Domain and VPN VTI

Hello,

I have a customer with several locally managed SMB gateways. Each SMB gateway has at least 03 VPN DOMAIN. The need arose to configure some VTI VPN. In the documentation, VTI VPN requires that the tunnel is per gateway pair. In the SMB gateway settings I  only find this setting globally. I cannot change this configuration globally, because VPN DOMAIN will be unavailable. I need to find a way to configure VPN DOMAIN and VPN VTI on the SMB gateway, without changing this configuration globally.

0 Kudos
13 Replies
the_rock
Legend
Legend
Tuesday

Let me spin up quick smb spark demo and see.

Andy

0 Kudos
the_rock
Legend
Legend
Tuesday

Hey, not sure what was the setting you were referring to, but is it possible its below?

Andy

Screenshot_2.png

0 Kudos
Marquevis
Contributor
Tuesday
In response to the_rock

Hello the_rock.

The configuration I'm referring to is the one below.

VPN.png

One of the requirements for configuring VTI is that we use gateway pair configuration.

0 Kudos
the_rock
Legend
Legend
Tuesday
In response to Marquevis

My apologies, I cant seem to find that in demo I spun up, but will check again. So you are saying thats global option?

Andy

0 Kudos
Marquevis
Contributor
Tuesday
In response to the_rock

Yes, it is a global configuration.

I need to find a way to do this configuration on each VPN site. Some VPNs will have a subnet pair and others will have a gateway pair.

0 Kudos
the_rock
Legend
Legend
Tuesday
In response to Marquevis

So sorry I dont have access to real smb device to test : - (. Is there any setting on specific vpn tunnel that would let you change it or this is the only place?

Andy

0 Kudos
Marquevis
Contributor
Tuesday
In response to the_rock

This is exactly what I'm looking for. It seems to me that there is only this global configuration.

0 Kudos
the_rock
Legend
Legend
Tuesday
In response to Marquevis

Got it. Are you allowed to do remote? I really want to try and help with this, because I have a gut feeling might be possible.

Andy

0 Kudos
Marquevis
Contributor
Tuesday
In response to the_rock

Unfortunately, our internal policy does not allow this.

0 Kudos
the_rock
Legend
Legend
Tuesday
In response to Marquevis

Understood. So, if you edit any given vpn tunnel, you dont see option to change this individually at all?

Andy

0 Kudos
Marquevis
Contributor
Tuesday
In response to the_rock

Correct, I don't see any option to change this individually.

If this option exists, it must be within some configuration file in the shell.

0 Kudos
the_rock
Legend
Legend
Tuesday
In response to Marquevis

Maybe SMB master @G_W_Albrecht might know? Otherwise, I would recommend asking TAC via official case. I will keep checking in the meantime, just bit tricky with demo, as I cant seem to get RDP to open in full screen.

Andy

0 Kudos
the_rock
Legend
Legend
Tuesday
In response to Marquevis

I just created bogus tunnel and sadly, cant see option anywhere in the settings similar to below in smart console community.

Andy

Screenshot_1.png

0 Kudos

Leaderboard

Epsum factorial non deposit quid pro quo hic escorol.

View All ≫
Upcoming Events

    CheckMates Events