Gaia traffic outside of VPN Domain is blocked due to "Clear text packet should be encrypted"?
Traffic originating on "Check Point 1" (CP1) going to a network behind "Check Point 2" (CP2) is blocked by CP2 because of "Clear text packet should be encrypted." But the interface CP1 is sending the traffic from is not in the VPN Domain network and therefore should not be encrypted. Why does CP2 think CP1's traffic should be encrypted? R81.10 T95
Accepted Solutions
Scenario 3 here: https://support.checkpoint.com/results/sk/sk108600
How do I define a subnet in crypt.def, not just an IP?
Using the standard INSPECT syntax: net(<Network_IP_Address>, <Mask_Length>)
For example, for the subnet 192.0.2.0/24, you'd use: net(192.0.2.0,24)
That applies only when 3rd party firewalls are involved, no? Surely not when only Check Point firewalls are involved.
It's mostly when only Check Point firewalls are involved. That functionality is how "permanent tunnels" work.
Regardless, Management should handle it behind the scenes. I don't understand Check Point's philosophy of "User interface says one thing and system does another."