Vitaliy_Isaenko
Explorer

Allow an encrypted communication channel between servers

Hi, I'm Vitaliy.

An IPsec VPN is established between two branches on virtual gateways running R80.40 and R81.10. Each of the branches hosts software components that communicate with each other via an encrypted communication channel based on IPsec ESP (this is the developer's requirement). How do I allow the establishment of an encrypted channel inside an existing tunnel?
If you need screenshots of the settings, I will provide them.

17 Replies
PhoneBoy
Admin

Pretty sure what you’re asking for is an RFE.

Vitaliy_Isaenko
Explorer

Hi, PhoneBoy! Excuse my ignorance, but can't you explain what "RFE" means?

the_rock
Legend

It means request for enhancement...something that is not implemented, but can be requested.

https://supportcenter.checkpoint.com/supportcenter/portal?eventSubmit_doGoviewsolutiondetails=&solut...

Though, not to be a Debbie Downer as they say ( : - ), the way these work with ANY vendor out there is that they would most likely consider it ONLY if there are enough customers asking for it and there is a business need for it. Otherwise, they won't bother... but you are certainly welcome to submit it; that costs no money : - )

the_rock
Legend

I think if you give the screenshots, it may help.

Vitaliy_Isaenko
Explorer

Hi, the_rock. Screenshots of which settings should I provide? I will provide the general ones to begin with and if something is missing, then specify which ones to add.

the_rock
Legend

K, sorry, maybe I misunderstood your request...what EXACTLY are they asking you to do?

Vitaliy_Isaenko
Explorer

Hi!
The task boils down to the following: it is necessary to ensure the passage of encrypted traffic over the ESP protocol inside an IPsec tunnel established between two Check Point security gateways. I have published screenshots of one security gateway with the settings made. On the second one they are similar, except for the IP address on the external interface.

_Val_
Admin

Hi, although it is a good idea to discuss the requirements here, the actual RFE process is different.

To submit an RFE, use the following URL:

https://www.checkpoint.com/rfe/rfe.htm

Please provide:

  • A brief description of the requested change
  • Contact Information
  • Detailed description of the problem or circumstances leading to the requested change
  • Product/Version
  • OS
Vitaliy_Isaenko
Explorer

Hi, _Val_! 

It turns out that the problem we encountered during setup is a temporary limitation of Gaia functionality?

The link to RFE is not working, below is a screenshot

_Val_
Admin

Correct, the link is down, I have alerted the relevant team. 

Could you please elaborate on "a temporary limitation of Gaia functionality" statement?

Vitaliy_Isaenko
Explorer

We are faced with the problem of establishing an encrypted connection between two components of a software product inside an IPsec tunnel between Check Point security gateways.
I understand that "RFE" implies a revision of OS functionality that does not work correctly. If I put it wrong, then correct me.

G_W_Albrecht
Legend

What you ask for is easily accomplished - contact TAC to resolve it, the few details explained here give us no clues whatever...

CCSP - CCSE / CCTE / CTPS / CCME / CCSM Elite / SMB Specialist
G_W_Albrecht
Legend

Allow communication for all needed services for each component - then all will be routed through the VPN. What exactly is the error or issue you have?

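To make the "all needed services for each component" point concrete, here is an added example written for this thread (it is not Check Point code and not something the original posters provided). It parses a few constructed IPv4 packets as a gateway would see them after decrypting the site-to-site tunnel, and evaluates them against two hypothetical first-match rule bases. The hosts 10.1.0.10 and 10.2.0.20, the /24 networks, the application port 8443 and the SPI value are all assumptions for illustration. The point it shows: the inner channel needs IKE (UDP 500, UDP 4500 for NAT-T) and ESP, and ESP is IP protocol 50 with no ports, so a rule base that only permits the application's TCP port silently drops it.

```python
"""Classify inner traffic and check it against a toy access-control rule base.

Added example, not code from the thread or from Check Point. Packets below
are constructed in this file, not captured from a real tunnel.
"""
import struct
from dataclasses import dataclass
from ipaddress import IPv4Address, IPv4Network
from typing import Dict, List, Optional

IPPROTO_TCP, IPPROTO_UDP, IPPROTO_ESP = 6, 17, 50


@dataclass(frozen=True)
class Flow:
    src: IPv4Address
    dst: IPv4Address
    proto: int
    dport: Optional[int]   # None for port-less protocols such as ESP
    spi: Optional[int]     # ESP Security Parameters Index, else None


@dataclass(frozen=True)
class Rule:
    src: IPv4Network
    dst: IPv4Network
    proto: int
    dport: Optional[int]   # None: any port, or a port-less protocol
    action: str


def parse_ipv4(pkt: bytes) -> Flow:
    """Parse the IPv4 header plus the first bytes of the payload.

    For TCP/UDP that is the port pair. For ESP (RFC 4303) only the SPI and
    sequence number are cleartext; everything after them is ciphertext, so a
    firewall cannot match on the inner service and must permit protocol 50.
    """
    (ver_ihl, _tos, _tlen, _ident, _frag, _ttl, proto, _csum,
     src, dst) = struct.unpack("!BBHHHBBH4s4s", pkt[:20])
    if ver_ihl >> 4 != 4:
        raise ValueError("not an IPv4 packet")
    payload = pkt[(ver_ihl & 0x0F) * 4:]
    dport = spi = None
    if proto in (IPPROTO_TCP, IPPROTO_UDP):
        _sport, dport = struct.unpack("!HH", payload[:4])
    elif proto == IPPROTO_ESP:
        spi, _seq = struct.unpack("!II", payload[:8])
    return Flow(IPv4Address(src), IPv4Address(dst), proto, dport, spi)


def match(rules: List[Rule], flow: Flow) -> str:
    """First-match evaluation; anything unmatched hits the implicit cleanup rule."""
    for r in rules:
        if (flow.src in r.src and flow.dst in r.dst and flow.proto == r.proto
                and (r.dport is None or r.dport == flow.dport)):
            return r.action
    return "drop"


# --- constructed sample packets (hypothetical hosts, not captured traffic) ---
def ipv4(src: str, dst: str, proto: int, payload: bytes) -> bytes:
    hdr = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(payload), 0, 0x4000,
                      64, proto, 0, IPv4Address(src).packed, IPv4Address(dst).packed)
    return hdr + payload   # header checksum left at 0; irrelevant for classification


def udp(sport: int, dport: int, data: bytes) -> bytes:
    return struct.pack("!HHHH", sport, dport, 8 + len(data), 0) + data


def esp(spi: int, seq: int, ciphertext: bytes) -> bytes:
    return struct.pack("!II", spi, seq) + ciphertext


A_HOST, B_HOST = "10.1.0.10", "10.2.0.20"   # assumed component hosts in each branch
A_NET, B_NET = IPv4Network("10.1.0.0/24"), IPv4Network("10.2.0.0/24")

SAMPLES: Dict[str, bytes] = {
    # plain application traffic on an assumed TCP port (SYN, 20-byte TCP header)
    "app": ipv4(A_HOST, B_HOST, IPPROTO_TCP,
                struct.pack("!HHIIBBHHH", 40000, 8443, 1, 0, 0x50, 0x02, 65535, 0, 0)),
    "ike": ipv4(A_HOST, B_HOST, IPPROTO_UDP, udp(500, 500, b"\x00" * 28)),       # IKE_SA_INIT
    "nat_t": ipv4(A_HOST, B_HOST, IPPROTO_UDP, udp(4500, 4500, b"\x00" * 32)),   # IKE/ESP over NAT-T
    "esp": ipv4(A_HOST, B_HOST, IPPROTO_ESP, esp(0xC0FFEE01, 1, b"\xa5" * 48)),  # inner ESP
}

# Rule base 1: only the application's own TCP port is permitted (A -> B direction only).
APP_ONLY = [Rule(A_NET, B_NET, IPPROTO_TCP, 8443, "accept")]
# Rule base 2: additionally permits IKE, NAT-T and ESP between the two networks.
WITH_IPSEC = APP_ONLY + [
    Rule(A_NET, B_NET, IPPROTO_UDP, 500, "accept"),
    Rule(A_NET, B_NET, IPPROTO_UDP, 4500, "accept"),
    Rule(A_NET, B_NET, IPPROTO_ESP, None, "accept"),
]


def evaluate(rules: List[Rule]) -> Dict[str, str]:
    """Return the action each sample packet receives under the given rule base."""
    return {name: match(rules, parse_ipv4(pkt)) for name, pkt in SAMPLES.items()}


if __name__ == "__main__":
    for label, rules in (("app-only", APP_ONLY), ("with-ipsec", WITH_IPSEC)):
        print(label, evaluate(rules))
```

The model only covers the A to B direction; on a real gateway the reverse direction (and whether the peer initiates IKE itself) has to be permitted as well, and the exact services depend on whether the components negotiate over UDP 500, UDP 4500 or both.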
Vitaliy_Isaenko
Explorer

Hi, G_W_Albrecht!

If we are talking about setting up an access control policy, then in our case there are no restrictions on services inside the tunnel.

the_rock
Legend

I agree with @G_W_Albrecht ... I can't seem to come up with any other way.

G_W_Albrecht
Legend

What exactly is the error or issue you have?

Vitaliy_Isaenko
Explorer

Hello everyone!
Thank you for your time and advice. As it turned out, the problem was not in the settings of the security gateways, but in a software product that used an encrypted tunnel between its components. As for the Check Point security gateways themselves, they allow you to build another encrypted tunnel inside the Site-to-Site VPN without any problems.
