I remember trying that (using 3.1.7) and I found that tunnels from Palo to CP established OK but tunnels from CP to Palo failed because the Palo complained about not having a matching proxy id.
In the end I had to create a proxyid to match each network I had defined in the Check Point firewall object topology.
All worked OK then. Maybe this behaviour has changed in later versions.
No issues what so ever. Have used it a couple of times. In fact, I have been forced to get it working when having a CP firewall in a large VPN-mesh. The CP had loads of small networks that would require a ridiculous amount of routes and tunnel interfaces on all the PAN devices. I'd say it wasn’t an option in that particular case. R65 versions and later (Checkpoint) work as far as I know.
Interesting. Was your CP in "Traditional" or "Simple" mode as this may affect how the tunnels are negotiated?
I had quite a few little networks on CP too! Would have preferred to get it working as you suggested,
Click Accept as Solution to acknowledge that the answer to your question has been provided.
The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!
These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the Live Community as a whole!
The Live Community thanks you for your participation!