Hi, has anyone had a chance to build an IPsec site-to-site tunnel between pfSense and Checkpoint firewalls? I can get phase 1 to connect but phase 2 just won’t connect no matter what.
Thank you
Start with the logs on both sides. What do they say about why phase 2 isn't coming up?
Update your main post with what you find
Looking at the logs from each side should help you figure out what is not matching. There are debug options you can run too for troubleshooting.
Check the source and destination subnets to make sure they match exactly on both sides. I’ve seen instances where Checkpoint will change the subnet mask on one or the other without informing the admin.
Weird thing was that in the logs all it was saying was that connection dropped 93. Turned out that DF group in phase 2 was the issue. On CheckPoint it was weird how they have it disabled made it look like it was enabled. Turning it on made everything work like a charm.
On CheckPoint it was weird
To be fair, CheckPoint is weird in all respects. Most of the CP-related calls we get are due to their secret sauce encryption.
That is why they are getting gutted out. Since we have taken over this client we had one issue after another.