Hi, I have a WatchGuard T30 in Western Australia and a Check Point Quantum Spark in Melbourne.
Check Point is at the head office and Western Australia is a branch.
In Western Australia, the internet is VDSL, so it's being bridged from the ISP modem/router to the WatchGuard.
When we do a site-to-site VPN between the two it works fine, but after about 30 min it breaks the connection. I changed the renegotiation from 8 hours to 12 hours and it lasted around 3 hours.
Does anyone know what's happening and how to fix this?
My guess would be a mismatch on encryption domains between the two sites. I would do a review and see what IKE IDs are being sent between the two gateways. You should be able to capture some VPN debugs on the Check Point side and review.
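One way to do the review suggested above, as an added example that is not part of this thread and not vendor tooling from Check Point or WatchGuard: collect the phase 2 traffic selectors (the encryption domain each side announces and the one it expects from its peer) from the VPN debug output on both gateways, then compare them in both directions. The log lines below are constructed, and the "local TS: / remote TS: CIDR" shape they use is an assumption; point the regex at whatever your own debug output shows. The script generalizes beyond a simple equal/not-equal check: it also flags the asymmetric cases (one side narrower or broader than the other) that can negotiate once and then fail at the next rekey.

```python
import ipaddress
import re

# Constructed sample debug lines in a simplified "side label: CIDR" shape.
# They are NOT real Check Point or WatchGuard output; adapt the regex below
# to whatever your own VPN debug prints for local/remote traffic selectors.
CHECK_POINT_LINES = [
    "ike: phase2 local TS: 10.20.0.0/16",
    "ike: phase2 remote TS: 192.168.50.0/24",
]
WATCHGUARD_LINES = [
    "iked: phase2 local TS: 192.168.50.0/24",
    "iked: phase2 local TS: 192.168.51.0/24",
    "iked: phase2 remote TS: 10.20.1.0/24",
]

# Assumed line format: "... local TS: <cidr>" or "... remote TS: <cidr>"
_SELECTOR_RE = re.compile(r"\b(local|remote)\s+TS:\s*(\d{1,3}(?:\.\d{1,3}){3}/\d{1,2})")


def parse_selectors(lines):
    """Return {'local': set(IPv4Network), 'remote': set(IPv4Network)} from debug lines."""
    found = {"local": set(), "remote": set()}
    for line in lines:
        m = _SELECTOR_RE.search(line)
        if m:
            found[m.group(1)].add(ipaddress.ip_network(m.group(2), strict=False))
    return found


def compare_domains(own_local, peer_remote):
    """Classify each subnet side A calls 'local' against what side B expects from A.

    The tunnel only stays up cleanly when these agree on both ends. A narrower,
    broader or missing selector on one side is the kind of mismatch that can
    negotiate once and then fail or flap at the next rekey.
    """
    report = {"matched": [], "peer_broader": [], "peer_narrower": [],
              "missing_on_peer": [], "extra_on_peer": []}
    for net in sorted(own_local):
        if net in peer_remote:
            report["matched"].append(str(net))
            continue
        broader = [p for p in peer_remote if net.subnet_of(p)]
        narrower = [p for p in peer_remote if p.subnet_of(net)]
        if broader:
            report["peer_broader"].append((str(net), str(min(broader))))
        elif narrower:
            report["peer_narrower"].append((str(net), sorted(str(p) for p in narrower)))
        else:
            report["missing_on_peer"].append(str(net))
    # Subnets the peer expects from us that we never announce at all.
    for p in sorted(peer_remote):
        related = any(p == n or p.subnet_of(n) or n.subnet_of(p) for n in own_local)
        if not related:
            report["extra_on_peer"].append(str(p))
    return report


def audit_tunnel(head_office_lines, branch_lines):
    """Compare the encryption domains in both directions of the site-to-site tunnel."""
    ho = parse_selectors(head_office_lines)
    br = parse_selectors(branch_lines)
    return {
        "head_office_domain_vs_branch_view": compare_domains(ho["local"], br["remote"]),
        "branch_domain_vs_head_office_view": compare_domains(br["local"], ho["remote"]),
    }


def domains_agree(audit):
    """True only when every selector matches exactly in both directions."""
    return all(
        not r["peer_broader"] and not r["peer_narrower"]
        and not r["missing_on_peer"] and not r["extra_on_peer"]
        for r in audit.values()
    )


if __name__ == "__main__":
    result = audit_tunnel(CHECK_POINT_LINES, WATCHGUARD_LINES)
    for direction, rep in result.items():
        print(direction)
        for kind, items in rep.items():
            if items:
                print(f"  {kind}: {items}")
    print("encryption domains agree:", domains_agree(result))
```

With the constructed sample, the head office announces 10.20.0.0/16 while the branch only expects 10.20.1.0/24 from it, and the branch announces 192.168.51.0/24 that the head office never expects; either kind of asymmetry is worth fixing before touching rekey timers, since a lifetime change only moves when the mismatch is exercised, not whether it is.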
My guess would be a mismatch on encryption domains between the two sites.
This was my first thought too. Years ago, Check Points loved to change the encryption domain to fit whatever it thought it wanted to randomly, which was fine if you had all CP firewalls. Check Point was fantastic at everything else, but VPN… no thanks. Plenty of debugging options on Check Points, and I'm sure on WatchGuard too.