This website uses Cookies. Click Accept to agree to our website's cookie use as described in our Privacy Policy. Click Preferences to customize your cookie settings.
Accept
Reject
Preferences
ABOUT CHECKMATES & FAQ
Create a Post
Help
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

Are you a member of CheckMates?

×
Sign in with your Check Point UserCenter/PartnerMap account to access more great content and get a chance to win some Apple AirPods! If you don't have an account, create one now for free!
maad-pul
Participant
‎2021-09-20 06:59 AM

Could 3rd party VPN peer be a Check Point remote Interopable Device?

Hi,

When Check Point refer to "3rd party VPN peer" in documentation/SK, could that be a Check Point remote device?
We are dealing with a bug where customer don´t think the problem is related to the bug (sk165003) because the bug mention "3rd party VPN peer". Both ends (we and customer) running Check Point but the Check Point appliances are in totaly diferent management system etc. Whats your thought about "3rd Party peer"? Are "3rd Party peer" all vendors except Check Point or could it even be a Check Point (Interoptable Device) manged by a totaly different management plattform. 

Regards

 

 

0 Kudos
4 Replies
G_W_Albrecht
Legend
Legend
‎2021-09-20 07:05 AM

Does vpnd.elg show the errors from sk165003 ? Anyway, to install the newest Jumbos HFAs is suggested by CP for every deployment...

CCSE CCTE CCSM SMB Specialist
0 Kudos
maad-pul
Participant
‎2021-09-20 07:25 AM
In response to G_W_Albrecht

The other end are not patched (according to SK - Jumbo Hotfix Accumulator for R80.30 starting from Take 219 ) and I have not received logs or vpnd.elg from their end. Sorry! 😕 
They have a TAC-case just to verify if the problem is related to the bug or not, but haven´t recieved any feedback from TAC. 
Since weekend we have been falled back to Ikvev1 and the problem have not occurred yet. 

0 Kudos
Danny
Champion Champion
Champion
‎2021-09-20 07:25 AM

A 3rd party device is by definition is a non-Check Point device. Otherwise it wouldn't be a 3rd party.

That being said, an externally managed Check Point device can be integrated into your setup as an interoperable device object. I've seen that working several times though the correct way would be to add it as an externally managed Check Point VPN gateway object.

image.png

0 Kudos
the_rock
Legend
Legend
‎2021-09-20 07:32 AM

To answer your question, the answer is yes, BUT, probably not fully supported. So, I had seen people in the past use interoperable device object for CP appliance, but as @Danny indicated, by definition, 3rd party is non-CP appliance. Now, technically, if its CP device managed by another mgmt server, then you create externally managed object and that is a way to do it. Would that fix your problem? I have no idea, but its right way of doing it. If that fails, then you can engage TAC to troubleshoot further or run below debugs to check:

vpn debug trunc

vpn debug ikeon

generate traffic

vpn debug ikeoff

fw ctl debug 0

fw ctl debug -x

Check vpnd.elg files, as well as ike.elg in $FWDIR/log directory.

 

Hope that helps.

Andy

0 Kudos

Leaderboard

Epsum factorial non deposit quid pro quo hic escorol.

View All ≫
Upcoming Events

    CheckMates Events