Nima_Chogyal
Contributor

Configuring DPD timer on SMB 1800 appliance

VPN with a Cisco router is unstable: sudden spikes and packet losses. Does anyone know how to configure DPD timers? I know we can set those through a management server, but it's a locally managed GW. CoreXL and SecureXL are enabled. SmartAccel, which helps to increase the throughput of the gateway, has also been enabled. CPU and memory on the gateway are also fine, nothing too big to be worried about. CPU is under 15% and the GW is using about 4 GB/8 GB of memory.

The customer has an application that has a timeout session of 5 seconds, and when the tunnels are up everything works, but when the GW deletes the negotiation it takes time to build again, and that's why the customer has been complaining about it. Funny thing is that on the same device there's another VPN with a Cisco router and it's working completely fine.

Getting this from the VPN debug on the 1800 appliance:

 

[sfwd 22516 4152900864]@GW[11 Sep 19:06:24] Sent Notification to Peer 6797e796: DPD ACK
[sfwd 22516 4152900864]@GW[11 Sep 19:06:24] Notification to Peer 6797e796: Sent Notification: DPD ACK
[sfwd 22516 4152900864]@GW[11 Sep 19:06:24]          < FWIKE_PACKET_END >    Id = 181279
[sfwd 22516 4152900864]@GW[11 Sep 19:06:24]          < FWIKE_EXCH_END >    Id = 181279
[sfwd 22516 4152900864]@GW[11 Sep 19:06:24]          < FWIKE_ROLE_END >    Id = 181279
[sfwd 22516 4152900864]@GW[11 Sep 19:06:24]    TalkToEngine: Engine RC is << FWIKE_SND_NOTIFY >>
[sfwd 22516 4152900864]@GW[11 Sep 19:06:24] TalkToEngine: sending notification once 
[sfwd 22516 4152900864]@GW[11 Sep 19:06:24] NegotiationTable::NegotiationUpdated: Updating indices for: 0xeb6ba90
[sfwd 22516 4152900864]@GW[11 Sep 19:06:24] NegotiationTable::DeleteNegotiation: Invoked for:
[sfwd 22516 4152900864]@GW[11 Sep 19:06:24] neg ptr: eb6ba90 ass: ec5a3b0 wait4: 00 
msgId: ad0b372c method: 00 00 cookie: ad30775dc886b64e 
req type: 13 SPIs: 00 
[sfwd 22516 4152900864]@Ttpl-GW[11 Sep 19:06:24] NegotiationTable::DeleteNegotiation: peer: x.x.x.x local_ifn: -1 peer_ip: 0.0.0.0 found in negByTunnel hash

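To line the gateway's IKE activity up against the application's 5-second timeouts, debug output like the excerpt above can be reduced to per-minute counts of the two message types it shows. This is an added example, not part of the original thread or of Check Point tooling; the function names are hypothetical, the sample lines are constructed from the excerpt's format, and the year is assumed because the log omits it.

```python
import re
from collections import Counter
from datetime import datetime

# Header layout as in the excerpt: [proc pid tid]@HOST[DD Mon HH:MM:SS] message
LINE_RE = re.compile(r"^\[\w+ \d+ \d+\]@[\w.-]+\[(\d{1,2} \w{3} \d\d:\d\d:\d\d)\]\s*(.*)$")

def classify(msg):
    """Map a message to an event name, or None. Only the first line of each
    two-line report in the excerpt is counted, so events are not doubled."""
    if msg.startswith("Sent Notification to Peer") and msg.endswith("DPD ACK"):
        return "dpd_ack_sent"
    if msg.startswith("NegotiationTable::DeleteNegotiation: Invoked"):
        return "negotiation_deleted"
    return None

def parse_events(lines, year=2000):
    """Return [(datetime, event)]. The log has no year; `year` is an assumption."""
    events = []
    for line in lines:
        m = LINE_RE.match(line.strip())
        if not m:
            continue  # continuation lines (msgId:, req type:) carry no header
        event = classify(m.group(2).strip())
        if event:
            ts = datetime.strptime(f"{year} {m.group(1)}", "%Y %d %b %H:%M:%S")
            events.append((ts, event))
    return events

def per_minute(events):
    """Count events per (minute, event name)."""
    return Counter((ts.strftime("%d %b %H:%M"), ev) for ts, ev in events)

def gaps(events, name):
    """Seconds between consecutive occurrences of one event type."""
    times = sorted(ts for ts, ev in events if ev == name)
    return [(b - a).total_seconds() for a, b in zip(times, times[1:])]

# Constructed sample: message text copied from the excerpt, later timestamps invented.
HDR = "[sfwd 22516 4152900864]@GW[11 Sep "
SAMPLE = [
    HDR + "19:06:24] Sent Notification to Peer 6797e796: DPD ACK",
    HDR + "19:06:24] Notification to Peer 6797e796: Sent Notification: DPD ACK",
    HDR + "19:06:24] NegotiationTable::DeleteNegotiation: Invoked for:",
    "msgId: ad0b372c method: 00 00 cookie: ad30775dc886b64e ",
    HDR + "19:06:34] Sent Notification to Peer 6797e796: DPD ACK",
    HDR + "19:06:34] NegotiationTable::DeleteNegotiation: Invoked for:",
    HDR + "19:07:04] NegotiationTable::DeleteNegotiation: Invoked for:",
]
```

Running `per_minute(parse_events(lines))` over a full debug file and comparing the busy minutes with the application's timeout reports shows whether the two coincide.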
Accepted Solutions
Nima_Chogyal
Contributor

Hi @PhoneBoy, I tried that, but it turns out that the appliance could not handle strong encryption, although the CPU and memory utilization was not that high. The customer was using AES256, SHA256 for both IKE and IPsec, and PFS with DH group 14.

Reduced all the values and the tunnels are stable and working. Thank you for your response.

 

regards,

2 Replies
PhoneBoy
Admin

You might try configuring this setting:

image.png

Otherwise, I suggest a TAC case: https://help.checkpoint.com 
