Create a Post
cancel
Showing results for 
Search instead for 
Did you mean: 
Scott_Paisley
Advisor

dropped by chain_ipsec_methods_ok Reason: Illegal interfaces group;

Hi

Upgrading clusters to R81.20 from R81.10 using CDT.

All the upgrades completed successfully, all policy installs, but on 4 of the clusters I now can't reach the standby member through the VPN tunnel

the error is "dropped by chain_ipsec_methods_ok Reason: Illegal interfaces group;"

Other clusters work fine, and I can't immediately see the difference

Any bright ideas?

Thanks

0 Kudos
1 Reply
Scott_Paisley
Advisor

OK, I have half figured it out thanks to this post

https://community.checkpoint.com/t5/Security-Gateways/VPN-Encryption-Issues-with-tunnel-to-Azure/m-p...

I was trying to access the outside Internet facing interface of the standby member (which previously worked)

The clusters I thought were working used internal interfaces which are explicitly part of the encryption domain.

Now just need to work out if we can include the external interfaces again

0 Kudos

Leaderboard

Epsum factorial non deposit quid pro quo hic escorol.

Upcoming Events

    CheckMates Events