Open Frames Download Complete PDF Send Feedback Print This Page

Previous

Next

VPN Sticky SA (for LTE)

To support LTE environments, you must enable the VPN sticky Security Association (SA) feature. This feature makes sure that an LTE device has only one outgoing SA to the 61000/41000 Security System, which is a requirement for an LTE device.

Limitations

  • Connections are synchronized to all SGMs (instead synchronizing only to the backup SGM).
  • Third-party VPN peers are not enabled by default.

Important - You must not enable SPI distribution and Sticky SA at the same time.

 

Configuration

SGMs are typically configured automatically during LTE configuration. You must enable LTE support to use LTE features.

To configure this feature without configuring LTE:

  1. Run from the Expert mode:

    # g_update_conf_file $FWDIR/modules/fwkern.conf fwha_vpn_sticky_tunnel_enabled=1

  2. Reboot all SGMs:
    # reboot –b all

Verification:

If SecureXL is enabled, make sure that the VPN Sticky Tunnel Enabled parameter is set to yes in the # /proc/ppk/conf file. To do so, run this command from the Expert node:

# g_cat /proc/ppk/conf | grep VPN

 
Top of Page ©2014 Check Point Software Technologies Ltd. All rights reserved. Download Complete PDF Send Feedback Print