Hello, my friend. Yesterday, I made the configurations as per the document, but initially, we encountered some authentication failure logs:
We suspected it might be related to the certificate or how we were trying to use it. After making some changes and attempts, we were able to resolve the issue, and authentication started working correctly. We could even see the tunnel up, but we couldn't pass traffic through it. Here's what we did:

The client exported the SonicWall certificate in .p7b format.
Using that certificate, I created a Trusted CA object in the SmartConsole.
Then, in the cluster>IPSec VPN object, I clicked on 'Add...' and entered the Nickname, selected the created CA, and clicked on 'Generate...'.
The request was created, and I clicked on 'View' and 'Save to File...'.
I sent the .req file back to the client, who signed it with their CA and returned a .crt file to me. With this file in hand, I clicked on 'Complete...', selected the file, and the process was completed, with the certificate now showing a 'Signed' status.
After this process, the authentication failure error stopped, and the tunnel came up. However, we couldn't identify the reason why traffic is not flowing through it.
To test between Check Point appliances, I set up a lab to establish this tunnel with the client's appliance. In this case, my lab appliance is the one with a dynamic IP.
I only swapped the certificates between them, and I encountered the same authentication failure error. I looked at the guide on how to set up tunnels on Externally Managed Gateways based on certificates, but the process wasn't clear to me.
Could you please help with how I can do the certificate swap between these Check Point appliances in this case?