R55 nokia IP Cluster VPN to remote Central managed Firewall

[bandit2001]

Hi help needed

Has anyone ever got a centrally managed VPN to work with a in Nokia IP Cluster on NG AI R55.

I have Secureplatform as my Management on the inside security VLAN

I have to Nokia IP 350 Cluster members

And an external Nokia IP 350 on another site centrally managed by my Secureplatform

I can apply polices to all enforcement modules clusters and Remote site.

But when it comes to creating the VPN between the remote site and cluster site. The remote site cannot validate its Internal CA which is supplied by the Management server (Secureplatform). I think this maybe a problem of Checkpoint it self as i have been with working on this Checkpoint support and no one seems to know answer to this solution.

Just wondering if anyone has manged this.

Looks like i will have to turn the remote end into external managed firewall (change of license needed!) And then use shared secrets to create the VPN.

Any answers would be of help

Cheers,

Steve

 

[Birmingham]

I wonder wether the problem really is a certificate problem. Maybe the problem is to do with how you have your objects configured for the cluster vpn.

Id start off by upgrading ipso to a newer version ( there are cluster fixes in the later versions ) and apply the latest HFA ( yep - more cluster fixes in there too ).

Next id pay attention to how the cluster is set up. Is it set up according to the documentation for ipso particularly the cluster object with the individual modules within it.

Finally, id check routing. Are the licensed ip addresses and ip addresses "facing" the respective firewalls all configured to go in the correct direction.

Thanks