VPN Mesh Tunnel Question on On-Premise Smart-1 ser...

rdiaz

Greetings CheckMates,

I'm still fairly new to Check Point and trying to understand how the VPN Tunnels work the Quantum Spark world of firewalls.

I had an incident today where my internet connection went down (this is where my Smart-1 Server lives/on-premise with 2-HA Pair of 1600s firewall). I noticed that none of my mesh connections worked during the outage (between other sites since I have about 7 of them). Is the Smart-1 keeping those connections alive and if for any reason the Smart-1 server goes down the mesh goes down with it?

and if this is so, how can I create a mesh network that doesn't rely on the Smart-1 server or do I need to go Cloud with Check Point to avoid this from happening?

Any input is very appreciated. 🙂

PhoneBoy

One management dependency for VPNs is the Internal Certificate Authority.
If the management is down for an extended period of time, this will cause VPNs to fail since they cannot access the CRL...which is located on the management.
This is described here: https://support.checkpoint.com/results/sk/sk100731

You have a couple options here:

Use a third-party CA and certificates (which don't have a dependency on the management, but must be managed manually)
Disable CRL checking, which is not recommended: https://support.checkpoint.com/results/sk/sk21156

rdiaz

understood! thank you for the prompt reply! 🙂

Are you a member of CheckMates?

VPN Mesh Tunnel Question on On-Premise Smart-1 server/Quantum Spark 1600 Firewalls