Chris27
Explorer

Help with Meshed VPN Community and Routing

Hi, 

 

We have two sites (site A and site B) that are linked via a meshed Check Point community.

Site A has a Juniper site-to-site VPN which links to our main corporate network. From there we have dedicated links to Azure and AWS.

Site A can get access to the AWS/Azure stuff fine as we have a static route pointing the traffic at the SRX.

Site B can't access anything in our AWS/Azure and keeps trying to send it via the internet as the addressing starts with 100.x.x.x.

I have tried static routes on site B's Check Point but when viewing the logs it is not trying to take the VPN at all.

Any tips would be appreciated as this is an inherited Check Point that we don't normally deal with.


Thanks

0 Kudos
3 Replies
PhoneBoy
Admin

Version/JHF?
Is this Route-based VPN (using VTIs) or Domain?
Do you manage Site B or is it managed by a third party?

0 Kudos
Chris27
Explorer

Version 80.40 on both. 

It looks like VPN Domain/Communities?

We are managing both sites now. 

0 Kudos
JoSec
Collaborator

If you are utilizing a Domain Based VPN, interesting traffic will be defined in the VPN domain object applied to your Check Point gateway, in which you will have to include the IP addresses, subnets, etc. to make sure the traffic is tunneled via the site-to-site VPN. You will also have to have your VPN community defined, the appropriate rule to allow the traffic, and define in the same rule what VPN community to utilize.

0 Kudos
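
The domain-based behaviour described in the reply above, as an added example (not part of the thread and not Check Point code): a simplified Python model of the tunnel decision, showing why site B sends the 100.x.x.x traffic out unencrypted until that range is part of site A's VPN domain. Gateway names, subnets and the function names `tunnel_peer` and `with_cloud_behind` are constructed for illustration.

```python
import ipaddress

# Constructed sample data: gateway names and subnets are placeholders,
# not values from the thread (which only gives the range as 100.x.x.x).
VPN_DOMAINS = {
    "site-a": ["10.10.0.0/16"],
    "site-b": ["10.20.0.0/16"],
}
CLOUD_NET = "100.64.0.0/16"  # hypothetical stand-in for the AWS/Azure range


def _nets(cidrs):
    return [ipaddress.ip_network(c) for c in cidrs]


def tunnel_peer(local_gw, src, dst, domains):
    """Return the peer whose VPN domain contains dst, or None if the
    packet would follow the normal routing table unencrypted.

    Simplified model of a domain-based decision: src must be inside the
    local gateway's VPN domain and dst inside a peer's VPN domain.
    The most specific matching peer network wins.
    """
    src_ip, dst_ip = ipaddress.ip_address(src), ipaddress.ip_address(dst)
    if not any(src_ip in n for n in _nets(domains[local_gw])):
        return None
    best = None
    for peer, cidrs in domains.items():
        if peer == local_gw:
            continue
        for net in _nets(cidrs):
            if dst_ip in net and (best is None or net.prefixlen > best[1]):
                best = (peer, net.prefixlen)
    return best[0] if best else None


def with_cloud_behind(gw, domains, cloud=CLOUD_NET):
    """Copy of domains with the cloud range added to gw's VPN domain."""
    fixed = {k: list(v) for k, v in domains.items()}
    fixed[gw].append(cloud)
    return fixed


if __name__ == "__main__":
    print(tunnel_peer("site-b", "10.20.5.9", "100.64.3.7", VPN_DOMAINS))
    print(tunnel_peer("site-b", "10.20.5.9", "100.64.3.7",
                      with_cloud_behind("site-a", VPN_DOMAINS)))
```

In this model a static route on site B changes nothing, because the tunnel is selected by VPN domain membership rather than by the routing table.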
