This website uses Cookies. Click Accept to agree to our website's cookie use as described in our Privacy Policy. Click Preferences to customize your cookie settings.
Accept
Reject
Preferences
ABOUT CHECKMATES CYBER SECURITY COMMUNITY & FAQ
Create a Post
Help
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

Are you a member of CheckMates?

×
Sign in with your Check Point UserCenter/PartnerMap account to access more great content and get a chance to win some Apple AirPods! If you don't have an account, create one now for free!
TSOL
Advisor
yesterday
Jump to solution

L2TP/IPsec Issue After Gateway Rename

Hello Experts

In a Smart-1 Cloud–managed environment, we observed an issue where
L2TP/IPsec (Remote Access VPN) stops working after changing the Security Gateway object name.

As a result of our investigation, we found that the old object name remains in the Subject/CN of the Gateway certificate.
As a test, we reverted the object name back to the original one, and VPN connectivity started working normally.
Based on this behavior, we believe that the object name embedded in the certificate is affecting VPN operation.

When changing the object name of a Security Gateway that uses L2TP,
is it necessary to explicitly delete and reissue the certificate on the Smart-1 side?

Additionally, if there are any Smart-1 Cloud–specific limitations or considerations compared to an on-premises Management Server,
I would appreciate it if you could share them.

Thank you in advance.

0 Kudos
1 Solution

Accepted Solutions
Vincent_Bacher
Leader Leader
Leader
yesterday
Jump to solution

I don't use S1C so i cannot answer the qestion about limitations there.
Regarding Certificate: Yes. You have to delete the old VPN cert and generate a new one.

 

vpncert.png

First remove the old one, then "Add..." 

 

vpncertnew.png

and now to something completely different - CCVS, CCAS, CCTE, CCCS, CCSM elite

View solution in original post

2 Replies
Vincent_Bacher
Leader Leader
Leader
yesterday
Jump to solution

I don't use S1C so i cannot answer the qestion about limitations there.
Regarding Certificate: Yes. You have to delete the old VPN cert and generate a new one.

 

vpncert.png

First remove the old one, then "Add..." 

 

vpncertnew.png

and now to something completely different - CCVS, CCAS, CCTE, CCCS, CCSM elite
the_rock
MVP Platinum
MVP Platinum
yesterday
Jump to solution

Im fairly sure what Vince said is absolutely correct. I have access to 8 clients S1C and regardless if its cloud mgmt or on prem, behavior would be the same when it comes to what you are describing.

Best,
Andy
0 Kudos

Leaderboard

Epsum factorial non deposit quid pro quo hic escorol.

View All ≫
Upcoming Events

    CheckMates Events