chaymosphere
Participant

Encryption Failure Failed to enforce VPN Policy (11)

Hi, I would like to ask if any of you have ever encountered this scenario. I already did the sk106241 and, based on the TAC engineer, it is safe to run without rebooting the firewall. However, one of my segments did not take effect and it is still encountering the same problem, which is Failure Failed to enforce VPN Policy (11).

If you ever resolved this kind of issue, please advise what steps or procedures you did to solve this problem.

0 Kudos
5 Replies
Timothy_Hall
Champion

You seem to have an overlap in VPN domains between two or more of your managed firewalls that you need to fix. 

1) What does the command vpn overlap_encdom communities -s show?

2) Try these tools to get a better handle on your VPN domain definitions/routing:

https://community.checkpoint.com/t5/Enterprise-Appliances-and-Gaia/One-liner-to-show-VPN-topology-on...

https://community.checkpoint.com/t5/Enterprise-Appliances-and-Gaia/Show-VPN-Routing-on-CLI/m-p/40216

 

New 2-day Live "Max Power" Series Course Now Available:
"Gateway Performance Optimization R81.20" at maxpowerfirewalls.com
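Added example, not part of the thread and not Check Point code: a Python check for the condition the reply above describes, two gateways claiming overlapping encryption domains, run over constructed data. The gateway names and subnets are hypothetical; in practice the domains would be copied from each gateway object's VPN domain definition.

```python
import ipaddress
from itertools import combinations

# Constructed sample data: gateway names and subnets are hypothetical.
ENC_DOMAINS = {
    "gw-hq": ["10.10.0.0/16", "192.168.50.0/24"],
    "gw-branch": ["10.10.20.0/24", "172.16.5.0/24"],
    "gw-dr": ["172.16.0.0/21", "192.168.60.0/24"],
}


def parse(domains):
    """Turn {gateway: [cidr, ...]} into {gateway: [ip_network, ...]}."""
    return {gw: [ipaddress.ip_network(n, strict=True) for n in nets]
            for gw, nets in domains.items()}


def find_overlaps(domains):
    """List (gw_a, net_a, gw_b, net_b, shared) for every pair of networks
    owned by different gateways that cover some of the same addresses."""
    hits = []
    for (gw_a, nets_a), (gw_b, nets_b) in combinations(sorted(parse(domains).items()), 2):
        for a in nets_a:
            for b in nets_b:
                if a.version == b.version and a.overlaps(b):
                    # Overlapping CIDR blocks are always nested, so the
                    # shared range is the more specific of the two.
                    shared = a if a.prefixlen >= b.prefixlen else b
                    hits.append((gw_a, str(a), gw_b, str(b), str(shared)))
    return hits


def owners(domains, address):
    """Return the gateways whose encryption domain contains the address.
    More than one owner means the peer for that destination is ambiguous."""
    ip = ipaddress.ip_address(address)
    return sorted(gw for gw, nets in parse(domains).items()
                  if any(ip.version == n.version and ip in n for n in nets))


if __name__ == "__main__":
    for gw_a, net_a, gw_b, net_b, shared in find_overlaps(ENC_DOMAINS):
        print(f"{gw_a} {net_a} overlaps {gw_b} {net_b} (shared: {shared})")
    print("10.10.20.7 is claimed by:", owners(ENC_DOMAINS, "10.10.20.7"))
```

Any destination with more than one owner is a candidate for the segment that still fails after the other segments recover.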
chaymosphere
Participant

Thanks, I will update you once it works on the client's end

0 Kudos
chaymosphere
Participant

I would like to ask if this command "vpn overlap_encdom communities -s" is safe to run during production?

0 Kudos
Timothy_Hall
Champion

Yes, safe to run during production.

0 Kudos
CheckPointerXL
Advisor

Hi All,

I have the same error.

The scenario is: VPN route based + PBR

My PBR says: src:Subnet X   dst:Subnet Y   gw:VTI IP

The SK related to PBR says in its limitations row that this is supported starting from 80.40.

Any suggestions?

0 Kudos