CPUG: The Check Point User Group

Resources for the Check Point Community, by the Check Point Community.


Thread: Add DAIP gateways to source in a policy

  1. #1
    Add DAIP gateways to source in a policy

    Hi all,

    I have some DAIP gateways which can't work with certificates. I need to create a policy to allow any kind of traffic in the CP device which comes from these DAIP gw. I don't know how to do that or what object to configure to add it to the rule.

    These gw have dynamic IPs so I can't add them as a host with a dynamic IP.

    Thanks beforehand,

  2. #2
    Gig Harbor, WA, USA

    Re: Add DAIP gateways to source in a policy

    Based on the fact you're talking about certificates, I'm assuming you're referring to VPN from a host with a dynamic IP.
    Check Point requires certificates to be used in this case because pre-shared secrets in a dynamic IP scenario are not considered secure.
    See: https://blog.webernetz.net/considera...red-keys-psks/

    If you're talking about unencrypted traffic, then you could potentially allow traffic from that host IF:

    1. The remote sites have a DNS entry associated with them (e.g. a Dynamic DNS)
    2. You are using R80.10, then you can use an FQDN Domain object.
    3. You are using R77.30 and earlier, you can use a dynamic object where a script periodically updates the value based on lookups to the FQDN.
    Unless otherwise noted, views expressed are my own
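
One way the periodic update mentioned in item 3 of the reply above could be scripted on the gateway, as an added example that is not the poster's or Check Point's own code. The object name, FQDN, state file path and the use of `dig` for the lookup are assumptions; the script validates the DNS answer before it touches the dynamic object, because the rule then trusts whatever address the name resolves to.

```shell
#!/bin/sh
# Added example, not the poster's script. OBJ and FQDN are hypothetical names;
# the object must exist in the policy and on the gateway (dynamic_objects -n).
OBJ="${OBJ:-daip_gw_site1}"
FQDN="${FQDN:-site1.dyn.example.net}"
MAX_ADDRS="${MAX_ADDRS:-2}"     # a DAIP peer should resolve to very few addresses

# Accept only dotted-quad IPv4 with octets 0-255.
valid_ipv4() {
    case "$1" in ''|*[!0-9.]*|.*|*.|*..*) return 1 ;; esac
    old_ifs=$IFS; IFS=.; set -- $1; IFS=$old_ifs
    [ "$#" -eq 4 ] || return 1
    for o in "$@"; do
        [ "${#o}" -le 3 ] && [ "$o" -le 255 ] || return 1
    done
}

# plan_update "<current IPs>" "<resolved IPs>": print the commands that move the
# object from the current set to the resolved set. Runs in a subshell, so "exit"
# only ends the function. Fails with no output if the answer is empty,
# malformed, or larger than MAX_ADDRS, so a bad DNS answer never widens the rule.
plan_update() (
    set -f; cur=$1; new=$2; n=0
    for ip in $new; do
        valid_ipv4 "$ip" || exit 1
        n=$((n + 1))
    done
    [ "$n" -ge 1 ] && [ "$n" -le "$MAX_ADDRS" ] || exit 1
    for ip in $new; do      # additions first, removals second
        case " $cur " in *" $ip "*) ;; *) echo "dynamic_objects -o $OBJ -r $ip $ip -a" ;; esac
    done
    for ip in $cur; do
        case " $new " in *" $ip "*) ;; *) echo "dynamic_objects -o $OBJ -r $ip $ip -d" ;; esac
    done
)

# Cron entry point: "script --apply". Assumes dig is available where this runs.
if [ "${1:-}" = "--apply" ]; then
    state="/var/tmp/$OBJ.ips"
    cur=$(cat "$state" 2>/dev/null)
    new=$(dig +short A "$FQDN" | sort -u | tr '\n' ' ')
    plan=$(plan_update "$cur" "$new") || { logger "daip: rejected DNS answer for $FQDN"; exit 1; }
    if [ -n "$plan" ]; then
        echo "$plan" | while read -r cmd; do $cmd || exit 1; done && echo "$new" > "$state"
    fi
fi
```

When the lookup is rejected the object keeps its last address, which may since have been reassigned to someone else, so the logged rejection is worth alerting on.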
