StevePearson
Advisor

Certificate based S2S with Palo Alto

I've been working on a problem with a customer that is trying to establish a site-to-site VPN with a Palo Alto gateway, where the other end is insisting on this being authenticated by certificate, not shared secret.

They provided their CA cert which was imported into the SMS and a CSR was then generated. This was sent back to them for signing and we installed the signed certificate they returned without any problem.

We then created the VPN, ensuring that all the provided parameters match, but the tunnel refuses to come up. Running a debug shows that the authentication has failed. I'm struggling to find anything wrong and they are having the same problem at the other end on the Palo too; they see the authentication failure but can't identify the reason. They are also saying that they have not encountered this with any other gateways, but this is the first time they have tried it with a Check Point.

The customer has collaborative support and they just keep asking for more debugs, saying that they can see the auth failure but can't see a reason, so pretty much the same as I've found too, but until they exhaust all their ideas they won't open the case with TAC.

Before I go deeper into debugging, I seem to recall seeing an article fairly recently relating to this exact issue, certificate-based S2S VPN with Palo Alto, and it being an issue with the decryption of the certificate that has been resolved in R82; however, I cannot find this article now. (It was a very brief glance so I may be off the mark with this, but I don't want to waste my time troubleshooting if this is indeed a known issue.)

Is anyone aware of this issue at all or aware of the article?

Thanks

PhoneBoy
Admin
StevePearson
Advisor

Perfect, thank you 😀
