This website uses Cookies. Click Accept to agree to our website's cookie use as described in our Privacy Policy. Click Preferences to customize your cookie settings.
Accept
Reject
Preferences
ABOUT CHECKMATES CYBER SECURITY COMMUNITY & FAQ
Create a Post
Help
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

Are you a member of CheckMates?

×
Sign in with your Check Point UserCenter/PartnerMap account to access more great content and get a chance to win some Apple AirPods! If you don't have an account, create one now for free!
handiansudianto
Advisor
‎2024-02-19 07:26 PM

VPN Site to Site

Hello,

I build VPN site to Site to our vendor, and for local subnet/host they use public ip let say 15.15.15.15, actually they talk the ip 15.15.15.15 is in they internal network.

Now the site to site already configure from my end on checkpoint, and from my internal server when i try ping to 15.15.15.15 the CP route this traffic to the internet and not to the tunnel.

So i want to know can we monitor if we have multiple site to site tunnel, which one is up and which one is down?

Also, there are possibility the traffic routed to the internet because from other side (vendor) have wrong configuration or not permit our internal server to access to 15.15.15.15 or by default the checkpoint will route all destination which use public ip to internet?

0 Kudos
3 Replies
AmirArama
Employee
Employee
‎2024-02-20 05:54 AM

Hi,

please mention which platform and OS version you are running, and is it centrally or locally managed.

did you configure 15.15.15.15 in the vpn domain of the vpn peer object (network>vpn domain) ?

do you see 15.15.15.15 running the command: fw tab -t vpn_routing -u -f  ?

to display VPN tunnels, you can run 'vpn tu' (then use 1/2) or vpn tu tlist command

 

0 Kudos
the_rock
Legend
Legend
‎2024-02-20 09:23 AM
In response to AmirArama

Thanks for that command fw tab -t vpn_routing -u -f @AmirArama , never knew of it, super useful.

Best,

Andy

the_rock
Legend
Legend
‎2024-02-20 09:05 AM

To me, just logically thinking about it after I read your post, sounds like a routing issue. Can you verify what route its taking when you try reach the IP on the other side?

Best,

Andy

0 Kudos

Leaderboard

Epsum factorial non deposit quid pro quo hic escorol.

View All ≫
Upcoming Events

    Sort by:
    CheckMates Events