This website uses Cookies. Click Accept to agree to our website's cookie use as described in our Privacy Policy. Click Preferences to customize your cookie settings.
Accept
Reject
Preferences
ABOUT CHECKMATES CYBER SECURITY COMMUNITY & FAQ
Create a Post
Help
cancel
Turn on suggestions
Showing results for 
Search instead for 
Did you mean: 

Are you a member of CheckMates?

×
Sign in with your Check Point UserCenter/PartnerMap account to access more great content and get a chance to win some Apple AirPods! If you don't have an account, create one now for free!
Raymond_Poede
Participant
‎2017-11-22 02:00 AM

vpn warning: VPN-1 has reached its tunnel capacity

Hi All,

One of our decentralize Firewall Cluster (type 1180) gives the following information info:

vpn warning: VPN-1 has reached its tunnel capacity

It's part of a VPN Star Community with our central gateways (12000) R77.30

Increasing the Optimizations on the Cluster Object for:

  • Maximum concurrent IKE negotiations

doesn't solve the problem.

We have other decentralize Firewall Clusters (also type 1180) who do not have this problem.

Does anyone knows what it means, and how to solve this? How can i debug it?

Regards,

Ray

0 Kudos
1 Reply
Timothy_Hall
Legend Legend
Legend
‎2017-11-22 07:51 AM

Your VPN Tunnel Sharing setting under Advanced Properties in the VPN Community is probably set to "pair of hosts", which creates a unique Phase 2 IPSEC tunnel for every possible combination of hosts that try to use the VPN.  "Pair of subnets" is more appropriate; if that is already selected consider the "one tunnel per gateway pair" setting.  Be careful changing this setting though as it can have a wide impact on VPN connectivity, best to do it during a maintenance window.

--
My book "Max Power: Check Point Firewall Performance Optimization"
now available via http://maxpowerfirewalls.com.

Attend my online "Be your Own TAC: Part Deux" CheckMates event
March 27th with sessions for both the EMEA and Americas time zones
0 Kudos

Leaderboard

Epsum factorial non deposit quid pro quo hic escorol.

View All ≫
Upcoming Events

    Sort by:
    CheckMates Events
    li.common.scroll-to.top