This website uses Cookies. Click Accept to agree to our website's cookie use as described in our Privacy Policy. Click Preferences to customize your cookie settings.
Accept
Reject
Preferences
ABOUT CHECKMATES CYBER SECURITY COMMUNITY & FAQ
Create a Post
Help
cancel
Turn on suggestions
Showing results for 
Search instead for 
Did you mean: 

Are you a member of CheckMates?

×
Sign in with your Check Point UserCenter/PartnerMap account to access more great content and get a chance to win some Apple AirPods! If you don't have an account, create one now for free!
Wyman
Contributor
‎2021-02-16 08:50 AM
Jump to solution

Domain Based VPN Domain Routing Questions

Hi everyone. I'm trying to setup routing from a branch office to AWS via another office. I've read up on Domain Based VPN and I have some questions about it. All of our gateways are in a meshed community. On the CP article it mentions that the 'accept all encrypted traffic' box should be set within the community settings (we have it unticked).

Is this going to break VPN tunnels between all of our offices if I do this? I understand that I need to edit the vpn_routing.conf file on the security management server and then install policy on the relevant gateway.

I have also read from other sources that the subnet in AWS will have to be added to the VPN domain of the gateway that the branch gateway forwards the traffic to/receives from. Is this correct?

Finally, if I only make the change to the conf file on the SMS, how likely is it that something will go wrong? I've not done this before so I don't want to bring everything crashing down!

0 Kudos
1 Solution

Accepted Solutions
PhoneBoy
Admin
Admin
‎2021-02-16 10:13 PM
Jump to solution

accept all encrypted traffic” shouldn’t break VPN tunnels and you will need to add the relevant AWS subset to the encryption domain of the relevant gateway.

If you edit the file incorrectly and push to the gateways, there is a risk it could be disruptive.
You might want to do it during a maintenance window.

View solution in original post

0 Kudos
2 Replies
PhoneBoy
Admin
Admin
‎2021-02-16 10:13 PM
Jump to solution

accept all encrypted traffic” shouldn’t break VPN tunnels and you will need to add the relevant AWS subset to the encryption domain of the relevant gateway.

If you edit the file incorrectly and push to the gateways, there is a risk it could be disruptive.
You might want to do it during a maintenance window.

0 Kudos
Wyman
Contributor
‎2021-03-01 05:35 AM
In response to PhoneBoy
Jump to solution

Thanks PhoneBoy. The change was made and, although traffic isn't successfully passing through yet, there aren't any major issues as a result of the change!

0 Kudos

Leaderboard

Epsum factorial non deposit quid pro quo hic escorol.

View All ≫
Upcoming Events

    Sort by:
    CheckMates Events
    Top