Who rated this post

Showing results for 
Search instead for 
Did you mean: 

Sigh please read my prior post again...

Yes the Cisco one still works because Cisco is less strict about the subnets/Proxy-IDs it will accept unlike Fortinet/Sonicwall/Juniper and doesn't need user.def* modifications to work typically.

Everything else you mentioned in your last reply (One VPN tunnel per subnet pair, ike_p2_enable_supernet_from_R80.20) is not relevant to the contents of the $FWDIR/conf/user.def.FW1 which will override all that.  Find the $FWDIR/conf/user.def.FW1 file on your original R77.30 SMS (not the upgraded R80.40 one) and I can *guarantee* you have subnet_for_range_and_peer directives in there.  Those directives need to be placed in the $FWDIR/conf/user.def.R77CMP file on your upgraded R80.40 SMS, and then reinstall policy to your gateways.  Full stop.

Updated 2023 IPS/AV/ABOT R81.20 Course now
available at maxpowerfirewalls.com

View solution in original post

Who rated this post