This website uses Cookies. Click Accept to agree to our website's cookie use as described in our Privacy Policy. Click Preferences to customize your cookie settings.
Accept
Reject
Preferences
ABOUT CHECKMATES CYBER SECURITY COMMUNITY & FAQ
Create a Post
Help
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

Are you a member of CheckMates?

×
Sign in with your Check Point UserCenter/PartnerMap account to access more great content and get a chance to win some Apple AirPods! If you don't have an account, create one now for free!
MTS
Participant
‎2021-08-11 08:04 AM

The site to site VPN between CheckPoint just won't bring up automatically after reboot

Hi,

 

We just set up a VPN community for both CheckPoints for two remote sites.

Both CheckPoints are managed by the same SMS.

We find that even we configure the permanent tunnel for the community and install the policy package for it to both CPs.

The site to site VPN between CheckPoint just won't bring up automatically after reboot 

Now, we have to get the Smartview and manually reset the Tunnel to bring it up...

 

How to fix this?

 

By the way, we have another three VPN tunnels' communities connecting to Fortigate and PaloAlto, and no the same issue was found...

0 Kudos
12 Replies
PhoneBoy
Admin
Admin
‎2021-08-11 08:59 AM

What version/JHF?
What messages appear in the firewall logs?
Anything odd in $FWDIR/log/vpnd.elg?

0 Kudos
MTS
Participant
‎2021-08-11 05:59 PM
In response to PhoneBoy

What version/JHF?
the latest.


What messages appear in the firewall logs?

Seems no error?

I will just reset / reinstall the policy package then the VPN will up again,


Anything odd in $FWDIR/log/vpnd.elg?

Nope.

0 Kudos
the_rock
MVP Diamond
MVP Diamond
‎2021-08-11 06:46 PM
In response to MTS

Ok, so if its brand new community, we know for sure it never worked before...phoneboy made a good point, usually vpnd* files in $FWDIR/log would give some indication about possible failures...have you tried running vpn debug ikeon and vpn debug ikeoff when this occurs and then examine ike.elg file?

Best,
Andy
"Have a great day and if its not, change it"
0 Kudos
PhoneBoy
Admin
Admin
‎2021-08-11 08:29 PM
In response to MTS

The latest version is R81.10 which doesn’t have a JHF yet.
Is this what you are running?
If not, please state the precise version/JHF you are running.

Might want to look at the general VPN debug steps here: https://supportcenter.checkpoint.com/supportcenter/portal?eventSubmit_doGoviewsolutiondetails=&solut...
In General, the more information you provide, the more likely we can help you.

MTS
Participant
‎2021-08-12 05:39 AM
In response to PhoneBoy

How to check the version/JHF?

0 Kudos
the_rock
MVP Diamond
MVP Diamond
‎2021-08-12 05:50 AM
In response to MTS

cpinfo -y all from expert mode

Best,
Andy
"Have a great day and if its not, change it"
0 Kudos
MTS
Participant
‎2021-08-18 07:59 PM
In response to the_rock

This command can not be used for SMB model.

 

No "-y"

0 Kudos
PhoneBoy
Admin
Admin
‎2021-08-18 11:56 PM
In response to MTS

For SMB, you can see the exact version and build in the WebUI, which should have been provided at the beginning of this thread.
In general the more information you can provide us about your environment, the easier it is for us to help you.

The general VPN debugging SK I linked to earlier should still be helpful on SMB.
See also: https://supportcenter.checkpoint.com/supportcenter/portal?eventSubmit_doGoviewsolutiondetails=&solut...

0 Kudos
MTS
Participant
‎2021-08-20 12:29 AM
In response to PhoneBoy

Version:

1570 GW: R80.20.25

0 Kudos
G_W_Albrecht
MVP Silver
MVP Silver
‎2021-08-20 01:11 AM
In response to MTS

Which Build, 992002136 ?

CCSP - CCSE / CCTE / CTPS / CCME / CCSM Elite / SMB Specialist
0 Kudos
MTS
Participant
‎2021-08-22 05:58 PM
In response to G_W_Albrecht

Capture.PNG

0 Kudos
G_W_Albrecht
MVP Silver
MVP Silver
‎2021-08-19 12:15 AM
In response to MTS

I would suggest to involve TAC !

CCSP - CCSE / CCTE / CTPS / CCME / CCSM Elite / SMB Specialist
0 Kudos

Leaderboard

Epsum factorial non deposit quid pro quo hic escorol.

View All ≫
Upcoming Events

    Sort by:
    CheckMates Events