Palo Alto firewalls employ route-based VPNs and will propose (and expect) a universal tunnel (0.0.0.0/0) in Phase 2 by default; however, the Palo can be configured to mimic a domain-based setup by configuring manual Proxy-IDs.

When attempting an interoperable VPN between a Check Point and a Palo Alto you have basically two options:

1) In your VPN Community settings on the Check Point end, under "VPN Tunnel Sharing", set "One tunnel per gateway pair". This will cause the Check Point to propose a universal tunnel in Phase 2, yet still use the VPN Domains for tunnel and peer determination. In this case there should not be any manual Proxy-IDs specified on the Palo side.
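The selector matching described above can be checked offline before touching either gateway. The following is an added example, not code from the original post or from either vendor. It assumes a simplified exact-match model of Phase 2 selectors; the mode names `gateway_pair` and `subnet_pair` and the sample networks are constructed for illustration, with `subnet_pair` included only as a contrast case.

```python
from ipaddress import ip_network
from itertools import product

UNIVERSAL = ip_network("0.0.0.0/0")

def checkpoint_proposals(sharing, cp_domain, peer_domain):
    """Phase 2 selectors (local, remote) the Check Point side proposes."""
    if sharing == "gateway_pair":      # "One tunnel per gateway pair"
        return {(UNIVERSAL, UNIVERSAL)}
    if sharing == "subnet_pair":       # assumed contrast: one selector per subnet pair
        return set(product(map(ip_network, cp_domain),
                           map(ip_network, peer_domain)))
    raise ValueError(f"unknown sharing mode: {sharing}")

def palo_expected(proxy_ids):
    """Selectors (local, remote) the Palo accepts.

    With no manual Proxy-IDs the Palo expects the universal selector.
    """
    if not proxy_ids:
        return {(UNIVERSAL, UNIVERSAL)}
    return {(ip_network(l), ip_network(r)) for l, r in proxy_ids}

def phase2_mismatches(sharing, cp_domain, pa_domain, proxy_ids):
    """Return Check Point proposals with no mirrored Proxy-ID on the Palo."""
    expected = palo_expected(proxy_ids)
    # The Palo's "local" is the Check Point's "remote", so mirror each pair.
    return sorted(
        (str(l), str(r))
        for l, r in checkpoint_proposals(sharing, cp_domain, pa_domain)
        if (r, l) not in expected
    )

# Constructed sample VPN domains
CP_DOMAIN = ["10.1.0.0/16"]
PA_DOMAIN = ["192.168.10.0/24", "192.168.20.0/24"]
```

An empty result means every proposal has a matching selector on the Palo; any returned pair is a Phase 2 proposal the Palo would have no Proxy-ID for under this model.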