Create a Post
cancel
Showing results for 
Search instead for 
Did you mean: 
pnobels
Explorer

renewal ipsec vpn cert

Hi,

running R81.10 take 66.

I've got an ipsec cert renewal for our main vpn gateway upcoming.  The cert is requested from the Checkpoint internal ca (so it's the selfsigned defaultcert).

I believe i can just renew the certificate and perform a policy push on the main vpn gateway?

And a policy push is NOT needed on all the remote gateways since they will renegotiate the ipsec connection automatically?

Best to perform this after hours as the tunnels will shortly go down/up due to ike phase 1 en 2 renegotiation? 

Thx!

  

__PRESENT

__PRESENT

__PRESENT

0 Kudos
1 Reply
G_W_Albrecht
Legend Legend
Legend

I wpuld suggest to install recommended JT 109 ! VPN / ICA cert renewal should be done automatically then: https://community.checkpoint.com/t5/Security-Gateways/IKE-certificate-auto-renewal-failure/m-p/63183...

CCSP - CCSE / CCTE / CTPS / CCME / CCSM Elite / SMB Specialist
0 Kudos

Leaderboard

Epsum factorial non deposit quid pro quo hic escorol.

Upcoming Events

    CheckMates Events