Who rated this post - Check Point CheckMates

Four Ways to SASE
April 23, 5PM CET | 11AM ET

Boosting Performance & Stability
with Harmony Endpoint E88.70!

Watch Now

It's Here!
CPX 2025 Content

Get It Now

Zero Trust: Remote Access and Posture
Help us with the Short-Term Roadmap

The Future of Browser Security:
AI, Data Leaks & How to Stay Protected!

Watch now

CheckMates Go:
What is UPPAK?

LISTEN NOW

Some answers:

The default VPN authentication for S2S VPN is certificate-based. Pre-Shared is considered less secure and is only supported for cases when your VPN peer belongs to another security domain.
GW VPN certificates, like all other internal certificates, are signed by your domain CA
The default expiration period for VPN certificates is one year for all supported versions. You can extend it to three years, see sk176527.
AFAIK, there are no SNMP traps for certificates. However, there are multiple other means to follow up and check the validity of GW VPN certificates. Look into sk104400, sk178304, sk102092, sk97792. In essence, you will have either SmartConsole warning, or you can run a CLI command to check.

Who rated this post

Participant

Rating date: