Open Frames Download Complete PDF Send Feedback Print This Page

Previous

Next

VPN Sticky SA (for LTE)

To support LTE environments, you must enable the VPN sticky Security Association (SA) feature. This feature makes sure that an LTE device has only one outgoing SA to the 61000/41000 Security System, which is a requirement for an LTE device.

Limitations

  • Connections are synchronized to all SGMs (instead synchronizing only to the backup SGM).
  • Third-party VPN peers are not enabled by default.









Important - You must not enable SPI distribution and Sticky SA at the same time. 


 








Configuration	


SGMs are typically configured automatically during LTE configuration. You must enable LTE support to use LTE features.


To configure this feature without configuring LTE:


  1. Run from the Expert mode: 
    # g_update_conf_file $FWDIR/modules/fwkern.conf fwha_vpn_sticky_tunnel_enabled=1
    

  2. Reboot all SGMs:
    # reboot –b all
Verification:


If SecureXL is enabled, make sure that the VPN Sticky Tunnel Enabled parameter is set to yes in  the  # /proc/ppk/conf file. To do so, run this command from the Expert node:


# g_cat /proc/ppk/conf | grep VPN



						

						
							
					 
				

			

				
	

	


	
	

		
			

				

					Top of Page
					©2014 Check Point Software Technologies Ltd. All rights reserved.
					
						Download Complete PDF
						
						Send Feedback
						
						Print