Create a Post
Showing results for 
Search instead for 
Did you mean: 

IPSec VPNs from 2 Separate Gateways to a single Satellite Gateway


After some advice on the best config for this scenario. 

I have a single management server managing 2 separate Checkpoint firewalls. I need to setup the following:

1) VPN from one Checkpoint firewall to a 3rd party Fortinet Satellite gateway to allow access to subnet

2) VPN from the other Checkpoint firewall to the same 3rd party Fortinet Satellite gateway to allow access to subnet

I've created an interoperable device for the Fortinet gateway and configured it's encryption domain to include both the subnets above. I've then created 2 VPN communities, one for each CheckPoint. The issue is that the Fortinet is not accepting the proposal as it is only expecting a single subnet to be included in each VPN community.

What's the best way to do this? Should I create 2 separate objects for the Fortinet and set different encryption domains for each of them or is there a cleaner solution?

All CP devices running 80.20 build 101

Thanks in advance 🙂


0 Kudos
1 Reply

The issue is caused by supernetting most likely.
See scenario 1 here:
0 Kudos


Epsum factorial non deposit quid pro quo hic escorol.

Upcoming Events

    CheckMates Events