About nitesharbale

@aleksandar.astardzhiev Finally after a week of troubleshooting, it started working. Thanks for your valuable suggestion, it wont be possible without your help. I will put the changes i made in steps below, so that it would help other folks as well. First read 4-B here: https://supportcenter.checkpoint.com/supportcenter/portal?eventSubmit_doGoviewsolutiondetails=&solutionid=sk101219. Below are snaps.   Step 1: changed from "true to "false"   Step 2: changed to false   Step3: changed to false     On PA: Go to Network TAB-->IPSec Tunnel-->Open the tunnel-->inside proxy ID i defined 200.1.1.1(PA local NAT IP, earlier it was 10.172.0.0/24, while troubleshooting i changed to 200.1.1.x) and remote as 10.168.1.1(CP IP). Earlier it was whole subnet i.e 200.1.1.0/24 and 10.168.1.0/24     @aleksandar.astardzhiev because i have static nat, do i always need to define /32 as proxy ID ? Thanks ... View more

That is awesome, thank you so much! I promise you won't regret your purchase 🙂     ... View more

@nitesharbale,   You just need to create EXTERNAL type of zone which will allow to communicate traffic between the zones which belong to different vsys. Once zone is created, you need to add security polices that allows communication between local zone and external zone. Article shared by @BPry have all these details.   Mayur ... View more

Do you have a route on R2 pointing back to the PAN with this address?  Also, since the IP has no interface associated with it you may have to put in what I call a "ghost route" to make sure your zones align properly.  Add a route with an interface value and next hop value of "none" to assign the proper zone. ... View more

Hi Akurt,   Thanks for answering. In my organization we handle multiple clients and there are multiple virtual system created and hence i wanted to practise. Anyways thankyou again ... View more