Connectivity with a remote VPN peer
Hello, everyone.
A query: I currently have an S2S IPsec VPN deployed, but I wanted to know whether, to "test" connectivity with the remote peer with a "ping" from the GW CLI, you need to have a security policy?
The IP of the remote peer is reachable from the Internet.
If you try to ping 200.60.70.9 from any point on the Internet, you can validate that the device responds, but from my GW (from the CLI), it does not answer the PING.
Additionally, I wanted to validate the "negotiation of the packets exchanged" for the establishment of the VPN with the command "tcpdump -penni any host <remote peer>", but I do not get any "result" on the console of the device, and I find it super weird.
The VPN is up, but I wanted to make sense of these things I'm talking about.
Thanks for any comments.
What version/JHF is the gateway?
Depending on your version, tcpdump doesn't always show what's going on when SecureXL accelerates the traffic.
cppcap can be used in this case.
What is the remote peer in this case?
If it is not a Check Point device and you try to ping the external IP, it may not work.
See: https://support.checkpoint.com/results/sk/sk108600
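A small shell helper, added here as an example and not taken from this thread or from Check Point, that puts the two points above together: the BPF filter that isolates the negotiation with one peer, a preference for cppcap over tcpdump where SecureXL may hide accelerated packets, and a tally of tcpdump-style output lines. It assumes cppcap accepts tcpdump-like -i/-f flags (verify with cppcap -h on the gateway); the peer address, interface and capture lines are constructed.

```shell
#!/bin/sh
# Added example; not code from the CheckMates thread or from Check Point.
# Assumption: cppcap takes -i <interface> -f "<bpf filter>" like tcpdump.

# BPF filter for one peer's VPN traffic: IKE (UDP 500), IKE/ESP NAT-T
# (UDP 4500) and raw ESP (IP protocol 50).
vpn_peer_filter() {
    printf 'host %s and (udp port 500 or udp port 4500 or ip proto 50)' "$1"
}

# Prefer cppcap: it sees SecureXL-accelerated packets that tcpdump can miss.
# Fall back to tcpdump on hosts without cppcap (e.g. a workstation).
capture_cmd() {
    if command -v cppcap >/dev/null 2>&1; then
        printf 'cppcap -i %s -f "%s"' "$1" "$2"   # flag names are an assumption
    else
        printf 'tcpdump -penni %s %s' "$1" "$2"
    fi
}

# Tally tcpdump-style lines read from stdin: "isakmp" marks IKE packets
# (Phase 1 / IKEv2 negotiation), "ESP(" marks Phase 2 data, raw or
# UDP-encapsulated. Prints "ike=N esp=M".
tally_capture() {
    awk '/isakmp/ {ike++} /ESP\(/ {esp++}
         END {printf "ike=%d esp=%d\n", ike+0, esp+0}'
}

# Constructed sample capture (tcpdump output format) for a stand-alone run;
# zero IKE lines while the tunnel is up would point at acceleration, not at
# a missing negotiation.
sample_capture() {
cat <<'EOF'
10:00:00.000001 IP 198.51.100.1.500 > 203.0.113.9.500: isakmp: parent_sa ikev2_init[I]
10:00:00.010001 IP 203.0.113.9.500 > 198.51.100.1.500: isakmp: parent_sa ikev2_init[R]
10:00:00.020001 IP 198.51.100.1.4500 > 203.0.113.9.4500: NONESP-encap: isakmp: child_sa ikev2_auth[I]
10:00:00.030001 IP 203.0.113.9.4500 > 198.51.100.1.4500: NONESP-encap: isakmp: child_sa ikev2_auth[R]
10:00:00.040001 IP 198.51.100.1.4500 > 203.0.113.9.4500: UDP-encap: ESP(spi=0x0a0b0c0d,seq=0x1), length 132
10:00:00.050001 IP 203.0.113.9.4500 > 198.51.100.1.4500: UDP-encap: ESP(spi=0x01020304,seq=0x1), length 132
EOF
}

main() {
    peer=${1:-203.0.113.9}; ifc=${2:-eth0}
    echo "Run on the gateway: $(capture_cmd "$ifc" "$(vpn_peer_filter "$peer")")"
    echo "Sample tally: $(sample_capture | tally_capture)"
}
main "$@"
```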
Hello,
The JHF is Take 83, version R81.10.
The remote peer is a Fortigate. Its public IP is reachable to test connectivity from anywhere on the Internet.
If you test a PING from our Check Point cluster, well, it just doesn't work, and according to the logs, it seems that it is because the traffic is being sent over the VPN, and it matches IMPLIED RULE 0.
Is there any way to correct this behavior?
Is there a way to ping from the GW to a remote peer, as a validation step for the device, before starting to "deploy" a VPN?
Is cppcap a tool that can help me "test" the negotiation process for a VPN?
Any reference guide for cppcap?
Regards.
Expected behavior, which can be addressed as described in the SK I linked previously (scenario 3).
