VPN site-to-site & DynamicIP

Moudar · ‎2024-05-20

Hi,

I'm hoping to get some information on integrating a new Check Point 1575 appliance into our existing Security Management Server (SMS) environment. We currently have a cluster of 6500 appliances managed centrally by this SMS version 81.20.

The plan is to add the 1575 appliance, located at a branch office, to the central management of the SMS. It will utilize Dynamic IP for its internet connection.

Could you please advise if there's a specific Smart Knowledge (SK) article that outlines the steps for such a configuration?

Thanks in advance for your assistance.

_Val_ · ‎2024-05-20

You just need to follow the central management deployment guide instructions and set up your appliance as a DIAP GW.

For the latter, see FAQ SK

Moudar · ‎2024-05-20

When trying to install the policy on a DAIP gateway I get this:

a dynamic interface is configured under network management:

What part of sk33893 should i check to solve this, because it says: "Disable the Dynamic Address Gateway" how does that make sense?

What about the other message:

- dlopen: /opt/CPsuite-R81.20/fw1/tmp/install_policy/b52d5836-838f-4f00-aefd-7b61301a709c/FW1/lib/libcpatlas.so: cannot open shared object file: No such file or directory
--------------------------------------------------------------------------------

CaseyB · ‎2024-05-20

You need to create the object as a 1575 appliance instead of an open server. The open server is generating different options.

No worries about the libcpatlas.so, it is a cosmetic bug.

Moudar · ‎2024-05-20

I am trying this in lab (EVE-NG) so no 1575 gateway is available, the idea is to simulate the process in lab before applying it in reality

Are you a member of CheckMates?

VPN site-to-site & DynamicIP