Create a Post
cancel
Showing results for 
Search instead for 
Did you mean: 
Scott_Paisley
Advisor

dropped by chain_ipsec_methods_ok Reason: Illegal interfaces group;

Hi

Upgrading clusters to R81.20 from R81.10 using CDT.

All the upgrades completed successfully, all policy installs, but on 4 of the clusters I now can't reach the standby member through the VPN tunnel

the error is "dropped by chain_ipsec_methods_ok Reason: Illegal interfaces group;"

Other clusters work fine, and I can't immediately see the difference

Any bright ideas?

Thanks

0 Kudos
1 Reply
Scott_Paisley
Advisor

OK, I have half figured it out thanks to this post

https://community.checkpoint.com/t5/Security-Gateways/VPN-Encryption-Issues-with-tunnel-to-Azure/m-p...

I was trying to access the outside Internet facing interface of the standby member (which previously worked)

The clusters I thought were working used internal interfaces which are explicitly part of the encryption domain.

Now just need to work out if we can include the external interfaces again

0 Kudos

Leaderboard

Epsum factorial non deposit quid pro quo hic escorol.

Upcoming Events

    Tue 23 Apr 2024 @ 11:00 AM (EDT)

    East US: What's New in R82

    Thu 25 Apr 2024 @ 11:00 AM (SGT)

    APAC: CPX 2024 Recap

    Tue 30 Apr 2024 @ 03:00 PM (CDT)

    EMEA: CPX 2024 Recap

    Thu 02 May 2024 @ 11:00 AM (SGT)

    APAC: What's new in R82

    Tue 23 Apr 2024 @ 11:00 AM (EDT)

    East US: What's New in R82

    Thu 25 Apr 2024 @ 11:00 AM (SGT)

    APAC: CPX 2024 Recap

    Tue 30 Apr 2024 @ 03:00 PM (CDT)

    EMEA: CPX 2024 Recap

    Thu 02 May 2024 @ 11:00 AM (SGT)

    APAC: What's new in R82
    CheckMates Events