This website uses Cookies. Click Accept to agree to our website's cookie use as described in our Privacy Policy. Click Preferences to customize your cookie settings.
Accept
Reject
Preferences
ABOUT CHECKMATES CYBER SECURITY COMMUNITY & FAQ
Create a Post
Help
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

Are you a member of CheckMates?

×
Sign in with your Check Point UserCenter/PartnerMap account to access more great content and get a chance to win some Apple AirPods! If you don't have an account, create one now for free!
paulraj29
Explorer
‎2024-08-24 10:54 PM

VPN and RIM Issue

 

HI urgent help need, 

 

We have firewall in Datacenter and SMB 1500 device in remote site, both are connected via S2S VPN tunnel, I did upgrade the Datacenter firewall from R81.10 to R81.20 Take 76 on Aug 6th. All of sudden on Aug 16th , VPN is up on remote site, but not able to reach the internal IPs. When i check the routes on Datacenter firewall, I don't see the routes for the remote sites. 

Basically, RIM is not working, It is not inserting the routes on to the DC routing table. VPN is up on both ends, but i suspects there is some issue on VPN that's the reason routes are not learning on DC firewall. can you advise on this, any bug on R81.20 Take 76?

0 Kudos
4 Replies
the_rock
Legend
Legend
‎2024-08-25 05:00 AM

I know usually cprestart or rebooting the fw would fix such an issue in the past, but if not, in the meantime, I would examine routed.log file to see if you find anything there.

Also, run cpwd_admin list, top and ps -auxw to verify all the processes show E 1.

Andy

0 Kudos
D_W
Advisor
‎2024-08-25 08:15 AM

When you have a cluster at the DC you can try a failover. Had this with R81.10 T131. And ALL S2S VPNs where affected on this cluster (all own managed CPs of our Domain)

(1)
the_rock
Legend
Legend
‎2024-08-25 09:03 AM
In response to D_W

Thats actually a really good idea.

Andy

0 Kudos
the_rock
Legend
Legend
‎2024-08-25 09:22 AM

One thing you can do, IF youn have backup/clish config (which I hope you do) is look through the config and see what RIM config shows when it worked and cimply copy it over and test.

MInd you, RIM is always configured through smart console vpn community, so Im sure that has not changed at all, but still, worth checking.

Andy

0 Kudos

Leaderboard

Epsum factorial non deposit quid pro quo hic escorol.

View All ≫
Upcoming Events

    Sort by:
    CheckMates Events