Hi Folks,
I have a total of around 12 VPN tunnels running on a 5900; all are policy/domain-based VPNs. I have been asked to look into the possibility of moving one tunnel out of those 12 to One VPN Tunnel per Gateway Pair.
Wondering what the consequences for the other tunnels could be then? Since I know One VPN Tunnel per Gateway Pair means CP will start sending/accepting 0.0.0.0/0.
TIA
Blason R
Where did you learn that 0.0.0.0 thing? According to the Site to Site VPN Administration Guide R80.30, p. 94:
VPN Tunnel Sharing provides greater interoperability and scalability by controlling the number of VPN tunnels created between peer Security Gateways. Configuration of VPN Tunnel Sharing can be set on both the VPN community and Security Gateway object.
• One VPN Tunnel per each pair of hosts - A VPN tunnel is created for every session initiated between every pair of hosts.
• One VPN Tunnel per subnet pair - Once a VPN tunnel has been opened between two subnets, subsequent sessions between the same subnets will share the same VPN tunnel. This is the default setting and is compliant with the IPsec industry standard.
• One VPN Tunnel per Security Gateway pair - One VPN tunnel is created between peer Security Gateways and shared by all hosts behind each peer Security Gateway.
Surprising!! Last time I did the debug, vpnd.elg was showing 0.0.0.0/0 and the setting was One VPN Tunnel per Gateway Pair. I guess even @PhoneBoy suggested moving to per subnet pair, and that resolved it.
So in that case it should not be an issue moving to that setting for one tunnel, right?
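As an added illustration (this is not Check Point code and was not posted in the thread), a small Python model of how the three VPN Tunnel Sharing settings quoted above key IPsec SAs on traffic selectors: per host pair on /32 selectors for every session, per subnet pair on the encryption-domain subnets containing the endpoints, and per gateway pair on one universal selector. Modelling the gateway-pair case as a single 0.0.0.0/0 selector is an assumption of this model, based on what the original poster reports seeing in vpnd.elg. The encryption domains and the session list are constructed sample data; no real gateway is involved.

```python
import ipaddress

# Constructed encryption domains for one local/peer gateway pair (hypothetical addresses).
LOCAL_DOMAIN = [ipaddress.ip_network("10.1.0.0/24"), ipaddress.ip_network("10.1.1.0/24")]
PEER_DOMAIN = [ipaddress.ip_network("192.168.10.0/24"), ipaddress.ip_network("192.168.20.0/24")]

# Assumption of this model: "one tunnel per gateway pair" is keyed on a universal selector.
UNIVERSAL = ipaddress.ip_network("0.0.0.0/0")

MODES = ("per_host", "per_subnet", "per_gateway")


def containing_subnet(addr, domain):
    """Return the encryption-domain subnet that contains addr, or raise if it is outside."""
    ip = ipaddress.ip_address(addr)
    for net in domain:
        if ip in net:
            return net
    raise ValueError(f"{addr} is not inside the encryption domain {domain}")


def selector_pair(mode, src, dst):
    """Return the (local, remote) traffic selectors a new session would key its SA on."""
    if mode == "per_host":
        # A separate SA for every pair of hosts.
        return (ipaddress.ip_network(f"{src}/32"), ipaddress.ip_network(f"{dst}/32"))
    if mode == "per_subnet":
        # Sessions between the same two subnets share one SA (the default in the guide).
        return (containing_subnet(src, LOCAL_DOMAIN), containing_subnet(dst, PEER_DOMAIN))
    if mode == "per_gateway":
        # All hosts behind the two gateways share one SA, modelled as 0.0.0.0/0 <-> 0.0.0.0/0.
        return (UNIVERSAL, UNIVERSAL)
    raise ValueError(f"unknown tunnel sharing mode: {mode}")


def simulate(mode, sessions):
    """Map each SA (selector pair) to the number of sessions that would share it."""
    sas = {}
    for src, dst in sessions:
        key = selector_pair(mode, src, dst)
        sas[key] = sas.get(key, 0) + 1
    return sas


def sa_count(mode, sessions):
    """Number of distinct SAs the given sessions would create under the mode."""
    return len(simulate(mode, sessions))


# Constructed sample sessions crossing the tunnel (src behind local, dst behind peer).
SAMPLE_SESSIONS = [
    ("10.1.0.5", "192.168.10.7"),
    ("10.1.0.5", "192.168.10.8"),
    ("10.1.0.6", "192.168.10.7"),
    ("10.1.1.9", "192.168.20.3"),
    ("10.1.0.5", "192.168.20.3"),
]

if __name__ == "__main__":
    for mode in MODES:
        print(f"{mode}: {sa_count(mode, SAMPLE_SESSIONS)} SA(s)")
        for (local, remote), n in simulate(mode, SAMPLE_SESSIONS).items():
            print(f"  {local} <-> {remote}  shared by {n} session(s)")
```

Running it shows five SAs for per host pair, three for per subnet pair (the subnet combinations actually used), and one for per gateway pair. The point for the thread is that the sharing setting only changes how selectors are grouped for the tunnel it is applied to; the model keeps each peer pair separate, so a change to one community's setting does not touch the SAs of the other peers.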