This website uses Cookies. Click Accept to agree to our website's cookie use as described in our Privacy Policy. Click Preferences to customize your cookie settings.
Accept
Reject
Preferences
ABOUT CHECKMATES CYBER SECURITY COMMUNITY & FAQ
Create a Post
Help
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

Are you a member of CheckMates?

×
Sign in with your Check Point UserCenter/PartnerMap account to access more great content and get a chance to win some Apple AirPods! If you don't have an account, create one now for free!
Vitaliy_Isaenko
Explorer
‎2022-08-26 01:13 AM

Allow an encrypted communication channel between servers

Hi, i'm Vitaliy

IPSEC vpn is installed between 2 branches on virtual gateways c R80.40 and R81.10. each of the branches hosts software components that communicate with each other via an encrypted communication channel based on ipsec ESP (this is the developer's requirement). How do I allow the establishment of an encrypted channel inside an existing tunnel?
If you need screenshots of the settings, I will provide them.

Preview file
10 KB
0 Kudos
17 Replies
PhoneBoy
Admin
Admin
‎2022-08-27 10:37 PM

Pretty sure what you’re asking for is an RFE.

0 Kudos
Vitaliy_Isaenko
Explorer
‎2022-08-28 12:57 PM
In response to PhoneBoy

Hi, PhoneBoy! Excuse my ignorance, but can't you explain what "RFE" means?

0 Kudos
the_rock
Legend
Legend
‎2022-08-28 01:23 PM
In response to Vitaliy_Isaenko

It means request for enhancement...something that is not implemented, but can be requested.

https://supportcenter.checkpoint.com/supportcenter/portal?eventSubmit_doGoviewsolutiondetails=&solut...

Though, not to be a debbie downer as they say ( : - ), but the way these work with ANY vendor out there is that they would most likely consider it ONLY if there are enough customers asking for it and there is a business need for it. Otherwise, they wont bother...but, you are certainly welcome to submit it, that costs no money : - )

0 Kudos
the_rock
Legend
Legend
‎2022-08-28 09:33 AM

I think if you give the screenshots, it may help.

0 Kudos
Vitaliy_Isaenko
Explorer
‎2022-08-28 01:28 PM
In response to the_rock

Hi, the_rock. Screenshots of which settings should I provide? I will provide the general ones to begin with and if something is missing, then specify which ones to add.

Preview file
38 KB
Preview file
48 KB
Preview file
39 KB
Preview file
24 KB
Preview file
31 KB
Preview file
20 KB
Preview file
12 KB
0 Kudos
the_rock
Legend
Legend
‎2022-08-28 02:34 PM
In response to Vitaliy_Isaenko

K, sorry, maybe I misunderstood your request...what EXACTLY are they asking you to do?

0 Kudos
Vitaliy_Isaenko
Explorer
‎2022-08-28 11:53 PM
In response to the_rock

Hi!
The task boils down to the following: it is necessary to ensure the passage of encrypted traffic over the ESP protocol inside an ipsec tunnel installed between two Check Point security gateways. I have published screenshots of one security gateway with the settings made. On the second one they are similar except for the ip address on the external interface

0 Kudos
_Val_
Admin
Admin
‎2022-08-28 11:58 PM
In response to Vitaliy_Isaenko

Hi, although it is a good idea to discuss the requirements here, the actual RFE process is different.

To submit an RFE, use the following URL:

https://www.checkpoint.com/rfe/rfe.htm

 

Please provide:

  • A brief description of the requested change
  • Contact Information
  • Detailed description of the problem or circumstances leading to the requested change
  • Product/Version
  • OS
0 Kudos
Vitaliy_Isaenko
Explorer
‎2022-08-29 12:07 AM
In response to _Val_

Hi, _Val_! 

It turns out that the problem we encountered during setup is a temporary limitation of Gaia functionality?

The link to RFE is not working, below is a screenshot

Preview file
65 KB
0 Kudos
_Val_
Admin
Admin
‎2022-08-29 01:15 AM
In response to Vitaliy_Isaenko

Correct, the link is down, I have alerted the relevant team. 

Could you please elaborate on "a temporary limitation of Gaia functionality" statement?

0 Kudos
Vitaliy_Isaenko
Explorer
‎2022-08-29 01:36 AM
In response to _Val_

We are faced with the problem of establishing an encrypted connection between two components of a software product inside an ipsec tunnel between Check Point security gateways.
I understand that "RFE" implies a revision of the OS functionality that does not work correctly. If I put it wrong, then correct me

0 Kudos
G_W_Albrecht
Legend Legend
Legend
‎2022-09-08 03:33 AM
In response to Vitaliy_Isaenko

What you ask for is easily accomplished - contact TAC to resolve it, the few details explained here give us no clues whatever...

CCSP - CCSE / CCTE / CTPS / CCME / CCSM Elite / SMB Specialist
0 Kudos
G_W_Albrecht
Legend Legend
Legend
‎2022-08-29 12:39 AM

Allow communication for all needed services for each component - then all will be routed thru VPN. What exactly is the error or issue you have ?

CCSP - CCSE / CCTE / CTPS / CCME / CCSM Elite / SMB Specialist
Vitaliy_Isaenko
Explorer
‎2022-08-29 04:28 AM
In response to G_W_Albrecht

Hi, G_W_Albrecht!

If we are talking about setting up an access control policy, then in our case there are no restrictions on services inside the tunnel.

Preview file
18 KB
0 Kudos
the_rock
Legend
Legend
‎2022-08-29 06:35 AM
In response to Vitaliy_Isaenko

I agree with @G_W_Albrecht ...I cant seem to come up with any other way.

0 Kudos
G_W_Albrecht
Legend Legend
Legend
‎2022-08-29 08:21 AM
In response to Vitaliy_Isaenko

What exactly is the error or issue you have ?

CCSP - CCSE / CCTE / CTPS / CCME / CCSM Elite / SMB Specialist
0 Kudos
Vitaliy_Isaenko
Explorer
‎2022-09-08 01:04 AM

Hello everyone!
Thank you for your time and advice. As it turned out, the problem was not in the settings of the security gateways, but in a software product that used an encrypted tunnel between its components. As for the Check Point security gateways themselves, they allow you to build another encrypted tunnel inside the Site-to-Site VPN without any problems.

0 Kudos

Leaderboard

Epsum factorial non deposit quid pro quo hic escorol.

View All ≫
Upcoming Events

    Sort by:
    CheckMates Events