This website uses Cookies. Click Accept to agree to our website's cookie use as described in our Privacy Policy. Click Preferences to customize your cookie settings.
Accept
Reject
Preferences
ABOUT CHECKMATES CYBER SECURITY COMMUNITY & FAQ
Create a Post
Help
cancel
Turn on suggestions
Showing results for 
Search instead for 
Did you mean: 

Are you a member of CheckMates?

×
Sign in with your Check Point UserCenter/PartnerMap account to access more great content and get a chance to win some Apple AirPods! If you don't have an account, create one now for free!
emytjls
Explorer
‎2020-05-12 07:34 AM

IPSec VPNs from 2 Separate Gateways to a single Satellite Gateway

Hi,

After some advice on the best config for this scenario. 

I have a single management server managing 2 separate Checkpoint firewalls. I need to setup the following:

1) VPN from one Checkpoint firewall to a 3rd party Fortinet Satellite gateway to allow access to subnet 192.168.1.0/24

2) VPN from the other Checkpoint firewall to the same 3rd party Fortinet Satellite gateway to allow access to subnet 192.168.2.0/24

I've created an interoperable device for the Fortinet gateway and configured it's encryption domain to include both the subnets above. I've then created 2 VPN communities, one for each CheckPoint. The issue is that the Fortinet is not accepting the proposal as it is only expecting a single subnet to be included in each VPN community.

What's the best way to do this? Should I create 2 separate objects for the Fortinet and set different encryption domains for each of them or is there a cleaner solution?

All CP devices running 80.20 build 101

Thanks in advance 🙂

 

0 Kudos
1 Reply
PhoneBoy
Admin
Admin
‎2020-05-14 10:33 AM

The issue is caused by supernetting most likely.
See scenario 1 here: https://supportcenter.checkpoint.com/supportcenter/portal?eventSubmit_doGoviewsolutiondetails=&solut...
0 Kudos

Leaderboard

Epsum factorial non deposit quid pro quo hic escorol.

View All ≫
Upcoming Events

    Sort by:
    CheckMates Events
    Top