VPNs between Palo and Check Point

Reply
Highlighted
L4 Transporter

Re: VPNs between Palo and Check Point

Hi Oskar,

I remember trying that (using 3.1.7) and I found that tunnels from Palo to CP established OK but tunnels from CP to Palo failed because the Palo complained about not having a matching proxy id.

In the end I had to create a proxyid to match each network I had defined in the Check Point firewall object topology.

All worked OK then.  Maybe this behaviour has changed in later versions.

Regards,

Dave

Highlighted
L3 Networker

Re: VPNs between Palo and Check Point

No issues what so ever. Have used it a couple of times. In fact, I have been forced to get it working when having a CP firewall in a large VPN-mesh. The CP had loads of small networks that would require a ridiculous amount of routes and tunnel interfaces on all the PAN devices. I'd say it wasn’t an option in that particular case.  R65 versions and later (Checkpoint) work as far as I know.

Highlighted
L4 Transporter

Re: VPNs between Palo and Check Point

Interesting.  Was your CP in "Traditional" or "Simple" mode as this may affect how the tunnels are negotiated?

I had quite a few little networks on CP too!  Would have preferred to get it working as you suggested,

Thanks,

Dave

Highlighted
L3 Networker

Re: VPNs between Palo and Check Point

Always used simple mode when setting it up this way.

Hope you get it working!

Cheers,

/Oskar

Like what you see?

Show your appreciation!

Click Like if a post is helpful to you or if you just want to show your support.

Click Accept as Solution to acknowledge that the answer to your question has been provided.

The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!

These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the Live Community as a whole!

The Live Community thanks you for your participation!