JaySon_2021
Contributor

Site2Site VPN - Quantum Spark 2560. Peer ID and policy options

I am configuring a site2site VPN from our 2560 to a remote Checkpoint firewall. On our side of the config, for IKEv2 it wants us to input the Peer ID. Is that the IP of the remote side VPN?

Also, I am used to using Smartconsole (these are locally managed), and when creating rules for a VPN, we add the 'Community' to the rule. In the Spark I do not see where I specify the community. Is that just taken care of by virtue of the fact that I identified the local/remote networks used in the Encryption Domains?

0 Kudos
1 Solution

Accepted Solutions
Tom_Hinoue
Advisor

Some additional factors.

I believe the default is to use [Key ID] for locally managed Spark.
This can be confirmed/configured from the WEB UI -> [Device] -> [Advanced Settings] -> [VPN Site to Site global settings - IKEv2 key type].

The available options are:

(1) Key ID (Default)
(2) IP address
(3) FQDN

Make sure the key type matches what is configured with the peer VPN site configuration.


0 Kudos
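
Why the key type has to match on both sides, as an added example that is not part of the original thread and is not Check Point code: a generic parser for the IKEv2 Identification payload body (RFC 7296, section 3.5) that compares what a peer sends with what the local site expects. Mapping the three WebUI options to `ID_KEY_ID`, `ID_IPV4_ADDR` and `ID_FQDN` is an assumption, and the function names and sample values are constructed.

```python
import ipaddress

# ID Type values from RFC 7296, section 3.5 (subset relevant to this thread).
ID_IPV4_ADDR, ID_FQDN, ID_KEY_ID = 1, 2, 11
ID_NAMES = {ID_IPV4_ADDR: "IP address", ID_FQDN: "FQDN", ID_KEY_ID: "Key ID"}


def parse_id_payload(body: bytes):
    """Parse an Identification payload body: type(1) | reserved(3) | data."""
    if len(body) < 4:
        raise ValueError("ID payload body too short")
    id_type, data = body[0], body[4:]
    if id_type == ID_IPV4_ADDR:
        if len(data) != 4:
            raise ValueError("ID_IPV4_ADDR must carry exactly 4 octets")
        return id_type, str(ipaddress.IPv4Address(data))
    if id_type == ID_FQDN:
        # Case-folded here because DNS names are case-insensitive.
        return id_type, data.decode("ascii").lower()
    if id_type == ID_KEY_ID:
        return id_type, data  # opaque octets, compared byte for byte
    raise ValueError(f"unhandled ID type {id_type}")


def check_peer_id(body: bytes, expected_type: int, expected_value):
    """Return (ok, reason) for a received peer ID against local configuration."""
    got_type, got_value = parse_id_payload(body)
    if got_type != expected_type:
        return False, (f"type mismatch: peer sent {ID_NAMES[got_type]}, "
                       f"local site expects {ID_NAMES[expected_type]}")
    if got_value != expected_value:
        return False, f"{ID_NAMES[got_type]} value mismatch"
    return True, "match"


# Constructed sample payload bodies (documentation address and made-up names).
SENT_AS_IP = bytes([ID_IPV4_ADDR, 0, 0, 0]) + ipaddress.IPv4Address("203.0.113.10").packed
SENT_AS_KEYID = bytes([ID_KEY_ID, 0, 0, 0]) + b"branch-gw-01"
SENT_AS_FQDN = bytes([ID_FQDN, 0, 0, 0]) + b"VPN.Example.com"

if __name__ == "__main__":
    # Local site configured to expect the peer's IP address as its ID.
    for body in (SENT_AS_IP, SENT_AS_KEYID, SENT_AS_FQDN):
        print(check_peer_id(body, ID_IPV4_ADDR, "203.0.113.10"))
```

A peer that identifies itself with a Key ID is rejected here even though its address is correct, which is the mismatch the advice above guards against.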
4 Replies
PhoneBoy
Admin

I believe the Peer ID is the IP, yes.
The concept of a VPN community is not relevant for locally managed SMB devices.
The local/remote encryption domains should be configured correctly.

0 Kudos
the_rock
MVP Diamond

I also think that would be the case with peer ID. I could be mistaken, but I recall setting the IP as peer ID a few times before, recently with Harmony SASE.

Best,
Andy
"Have a great day and if it's not, change it"
0 Kudos
Pedro_Espindola
Employee

Just to add to this discussion:

The purpose of a VPN community is to manage multiple tunnels in a single object, useful when you have a central office and multiple branches connected to it with identical tunnel config.

You can create VPN communities for locally managed Spark gateways that are connected to Spark Management in Infinity Portal. All Spark gateways are entitled to it. However, this is only for tunnels between your own Spark gateways managed by the same Spark Management. For externally managed peers you have to create the tunnel directly in the WebUI of the Spark itself.

0 Kudos
