This website uses Cookies. Click Accept to agree to our website's cookie use as described in our Privacy Policy. Click Preferences to customize your cookie settings.
Accept
Reject
Preferences
ABOUT CHECKMATES CYBER SECURITY COMMUNITY & FAQ
Create a Post
Help
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

Are you a member of CheckMates?

×
Sign in with your Check Point UserCenter/PartnerMap account to access more great content and get a chance to win some Apple AirPods! If you don't have an account, create one now for free!
Aniceto10
Explorer
Explorer
a month ago
Jump to solution

VTI - VSNext

Hi !

I'm trying to test some features of VSNext - Elastic.

I've followed the proc (Solved: VLAN trunk in vsnext - Check Point CheckMates) to use Vlans in the VS (attaching and detaching from VS0) but now I'm having an issue using VTI, and I didn't find any topics/docs about it.

Basically, I created a vpnt1 as VTI in VS0, and edited the VS context to move this VTI to it. The task was completed, but when I try to get topology for this object in SmartConsole, I cannot see the Virtual Tunnel Interface.

I'm attaching screenshots with the Interfaces tab and the get topology info of this VS context.

Does anyone have a way to make VTI work in VSNext?

Regards.  

Preview file
34 KB
Preview file
30 KB
0 Kudos
2 Solutions

Accepted Solutions
Wolfgang
MVP Gold
MVP Gold
a month ago
Jump to solution

@Aniceto10  have a look at  the VTI limitations..

VSNext / VSX supported features 

Blade / Feature R82
VSNext		 R82
Traditional
VSX		 R81.20 R81.10 R81
VPN Site-to-Site - VTI - Numbered YesWolfgang_0-1762456638967.png

 



After creating the VTI, you must reboot the Security Group
(PMTR-119289)		 Yes Yes Yes Yes
VPN Site-to-Site - VTI - Unnumbered No
(PMTR-60112)		 No
(by design)		 No
(by design)		 No
(by design)		 No
(by design)

View solution in original post

the_rock
MVP Platinum
MVP Platinum
a month ago
Jump to solution

Im fairly sure thats a limitation, specially if its unnumbered VTI, which seems it is in your case.

https://support.checkpoint.com/results/sk/sk79700

Best,
Andy

View solution in original post

0 Kudos
5 Replies
Wolfgang
MVP Gold
MVP Gold
a month ago
Jump to solution

@Aniceto10  have a look at  the VTI limitations..

VSNext / VSX supported features 

Blade / Feature R82
VSNext		 R82
Traditional
VSX		 R81.20 R81.10 R81
VPN Site-to-Site - VTI - Numbered YesWolfgang_0-1762456638967.png

 



After creating the VTI, you must reboot the Security Group
(PMTR-119289)		 Yes Yes Yes Yes
VPN Site-to-Site - VTI - Unnumbered No
(PMTR-60112)		 No
(by design)		 No
(by design)		 No
(by design)		 No
(by design)
the_rock
MVP Platinum
MVP Platinum
a month ago
In response to Wolfgang
Jump to solution

Thats exactly what I was looking at Wolfgang...seems one way to get around it is use numbered VTIs. I will say, though this is just my personal experience, unnumbered ones work way better for BGP / express route.

Best,
Andy
0 Kudos
Aniceto10
Explorer
Explorer
a month ago
In response to Wolfgang
Jump to solution

Thank you Wolfgang.

After reboot, I can see the VTI when run get topology now.

Probably this issue will be fixed soon (next JHF or R82.10).

Regards.

Preview file
250 KB
the_rock
MVP Platinum
MVP Platinum
a month ago
In response to Aniceto10
Jump to solution

Excellent!

Best,
Andy
0 Kudos
the_rock
MVP Platinum
MVP Platinum
a month ago
Jump to solution

Im fairly sure thats a limitation, specially if its unnumbered VTI, which seems it is in your case.

https://support.checkpoint.com/results/sk/sk79700

Best,
Andy
0 Kudos

Leaderboard

Epsum factorial non deposit quid pro quo hic escorol.

View All ≫
Upcoming Events

    CheckMates Events