May the 4th (+4)
Roadmap Session and Use Cases for
Cloud Security, SASE, and Email Security
SASE Masters:
Deploying Harmony SASE for a 6,000-Strong Workforce
in a Single Weekend
Paradigm Shifts: Adventures Unleashed!
Capture Your Adventure for a Chance to WIN!
Mastering Compliance
Unveiling the power of Compliance Blade
CPX 2024 Content
is Here!
Harmony SaaS
The most advanced prevention
for SaaS-based threats
CheckMates Go:
CPX 2024 Recap
New VPN daemons were launched with R81.10. In the new version R81.20 you can see that these daemeons have been further revised.
Now iked runs as a multi-process and controls all IPsec VPN tunnels.
The other two processes, vpnd and cccd, each run only once on the gateway.
As far as I have understood correctly, the processes from R81.20 onwards are responsible for the following:
| VPN Type | vpnd | iked |
| Site-to-Site VPN | - | IPSec ESP |
| - | IPSec NAT-T | |
| - | Permanent tunnel | |
| - | MEP | |
| - | Link selection | |
| Remote Access VPN | - | Endpoint - IPSec RA Client |
| - | L2TP | |
| CCC protocol | - | |
| Visitor Mode | - |
For debugging, I noticed that the IKED daemon must now be debugged accordingly for example for iked0, iked1,...
Depending on the corresponding daemon (now shown in R81.20 with "vpn tu tlist -z") the debug must be set specifically for it.
If the daemon is now known, a special debug for this iked index id can be enabled:
# ike debug -i <iked index id> trunc ALL=5
This creates the corresponding debug files with the corresponding iked index id:
vpnd-ikev<iked index id>trace
So far I have understood everything.
Now my questions:
1) Where can I find Check Point documentation describing the new R81.20 VPN architecture?
2) How can I enable a VPN debug and how can I evaluate the multi R81.20 iked daemons? Are there any sk's or a documentation here.
3) Is there a design overview of how vpnd, iked and cccd work together?
About CheckMates
Learn Check Point
Advanced Learning
YOU DESERVE THE BEST SECURITY
