Nikolaos_Liakop
Explorer

exclude gw public ip from encryption domain

We have a couple of remote branch offices which consist of 1500 series SMB (centrally or locally managed) and a Cluster of CP at our HQ.
All of the remote branch offices connect to the HQ via a Star Topology S2S VPN.

We want our remote branch office users to be able to connect via client VPN (Capsule, ENS) towards the HQ besides the S2S VPN,
which is something we cannot accomplish at the moment.

I suppose we can't connect due to the fact that the HQ's public IP belongs to the encryption domain, which is something that I want to exclude.
I also know that this can be accomplished via crypt.def, but no matter how hard I tried I cannot do it.

Has anyone done something similar and wants to share a template or an excerpt from crypt.def so that I can see what I am doing wrong?

Regards

0 Kudos
3 Replies
PhoneBoy
Admin

If you're just modifying $FWDIR/lib/crypt.def, that won't work for SMB gateways, which have their policy compiled from a different set of .def files.
More precisely, they are in /opt/CPSFWR80CMP-R81.10/lib (replace R81.10 with your management version).

Nikolaos_Liakop
Explorer

Do I need to exclude the HQ's public IP from all the CPs?

I was thinking that if I could exclude it from the HQ's crypt.def, that would suffice.

0 Kudos
PhoneBoy
Admin

I think in your case, you'll have to exclude it in both places (the HQ gateways and the SMB gateway).
That means editing both .def files.

0 Kudos
