Open Frames Download Complete PDF Send Feedback Print This Page

Previous

Next

SPI Distribution on SSM160 (asg dxl spi)

By default, the SSM160 distributes traffic to SGMs based on the IP address in the packet header. This methodology can be inefficient when working with a small number of remote peers in a Site-To-Site VPN topology. This is because the SSM160 only sees the VPN tunnel IP address and causes distribution only to some SGMs.

To resolve this issue, you can enable SPI distribution for VPN traffic. Run this command in Expert mode.

# set distribution spi mode on|off

Important - You must not enable SPI distribution for the LTE mode or when working with 3rd party VPN peers.

 

When you enable SPI distribution, you must also run:

# g_update_conf_file fwha_vpn_sticky_tunnel_enabled=0

 

When you disable SPI distribution in LTE mode or with a 3rd party peer, you must also run:

# g_update_conf_file fwha_vpn_sticky_tunnel_enabled=1

Note - SPI distribution mode is disabled by default.

 
Top of Page ©2014 Check Point Software Technologies Ltd. All rights reserved. Download Complete PDF Send Feedback Print