Mastering Endpoint Security -
Best Practices for 2024
Check Point Named Leader
In Mobile Threat Defense
Regulatory Compliance Update
For Non-US DoC Versions
Customer Threat Prevention
& Vulnerability Management Survey
CheckMates Toolbox Contest 2024
Make Your Submission for a Chance to WIN up to $300 Gift Card!
CheckMates Go:
Infinity AI Co-Pilot
The VPN is going down because certificates are used for IKE Phase 1 authentication; when a rekey occurs the CRL must be retrieved from the SMS/MDS to ensure the certificate has not been revoked. There is a cache for the CRL on the gateways that will help if the SMS/MDS is down for a short period, but if it is down long enough the cached CRL entries will expire and the VPN breaks at the next rekey.
You can extend the CRL cache timeout or even disable the CRL checking completely as described here:
About CheckMates
Learn Check Point
Advanced Learning
YOU DESERVE THE BEST SECURITY
