Site to Site VPN Issue (Checkpoint to Fortigate)

Dim134267

Dear All,

Good day,

The past 6 months I have been experiencing an issue with a VPN tunnel I have between two offices, Site A has a Checkpoint 1550 (R81.10.17 ) and site B has a Fortigate 80F (7.4.5 Build 2702). Users from site A need access to site B in order to access programs and folders they need(nothing special). Even though I have checked numerous times the configuration on both machines, and even though the tunnel appears to be active from both sides, I can't reach site A from site B and vice versa(ping, traceroute, RDP). The funny thing is, is that the problem fixes itself some of the times, either randomly or due to a reboot of the machines. I am not that familiar with firewalls in general, and that is why I came here to seek assistance from the experts. I can provide you with any information you might need, that will lead to a permanent solution.

Awaiting yours.

PhoneBoy

There should be corresponding log entries on both ends that correlate with the drops, which I suspect are caused by misconfigured settings on one or both ends.
This behavior, absent further details, sounds like the various timers are set differently on both ends; they need to agree.

General VPN debugging on the Check Point side: https://support.checkpoint.com/results/sk/sk180488
Common issues with Check Point and other vendors: https://support.checkpoint.com/results/sk/sk108600

the_rock

Hey @Dim134267

We are here to help, no worries. I had done many FGT to CP tunnels, so Im fairly familiar on that subject. For starters, lots of people may just leave fgt side as universal, 0.0.0.0/0. Is that how its configured? What about cp end? Is tunnel management in vpn community set per subnet, gw or host?

Any relevant logs you can share?

Andy

Are you a member of CheckMates?

Site to Site VPN Issue (Checkpoint to Fortigate)