- Products
- Learn
- Local User Groups
- Partners
- More
Stop Babysitting Rules.
Go Agentic
Step Into the Future of
AI-Powered Cyber Security
The State of Ransomware Q1 2026
Key Trends and Their Impact
AI Security Masters E8:
Claude Mythos: New Era in Cyber Security
Blueprint Architecture for Securing
The AI Factory & AI Data Center
Call For Papers
Your Expertise. Our Stage
CheckMates Go:
CheckMates Fest
I see two possibles ways:
Possible approaches to fix this:
Option 1 – Align Proxy-IDs (policy-based):
Explicitly define Proxy-IDs on the Palo Alto side that match the required networks on the Check Point side (you can summarize if possible).
On Check Point, make sure the correct VPN Domains are defined for the Palo Alto peer and double-check that security rules allow traffic both directions.
Also review NAT: confirm if a bidirectional No-NAT rule is needed or if any existing NAT rule may be interfering.
Option 2 – Go fully route-based:
Create a dedicated VPN community for this the Palo Alto and configure the tunnel as route-based on both sides (Check Point and Palo Alto), relying on routing instead of Proxy-IDs or VPN Domain to control traffic.
About CheckMates
Learn Check Point
Advanced Learning
YOU DESERVE THE BEST SECURITY
