Hi Beverly, As you said both Fortinet and SonicWall are interoperable devices, when you edit the vpn_route.conf you are trying to install that file into the spokes, which can't be possible because those appliances aren't Check Point.
I think that the solution isn't in the Check Point side, because you have to configure the spokes (FG50A and Sonicwall) to send the packets directed to their encryption domains through the center (Check Point). Which I don't think is supported on those firewall brands. I think there is a feature called "VPN concentrator" in Fortinet, but again I don't think is interoperable with other vendors. Hope it helps, _______________________________ Cybertech Projects José María Gabaldón Network Security Engineer email: [EMAIL PROTECTED] www.cybertech.com.ve -----Mensaje original----- De: Mailing list for discussion of Firewall-1 [mailto:[EMAIL PROTECTED] En nombre de Picard, Beverly Enviado el: Miércoles, 17 de Noviembre de 2004 09:26 a.m. Para: [EMAIL PROTECTED] Asunto: [FW-1] VPN Routing and vpn_route.conf file Morning - I have the following issue: Currently running Checkpoint AI R55 on hardware platform Nokia 380 running IPSO 3.8 . I have 2 separate functional VPNs between CP -> Fortinet Fortigate 50A and CP -> SonicWall. Both are setup as interoperable devices. Tunnels work well but trouble with the routing. I need to route traffic from the Fortigate 50A --> CP --> SonicWall . The VPN Community for the Fortigate 50A is a STAR community and have selected to "Enable VPN Routing for satellites: To Center, or through the center to other satellites, to internet and other VPN targets". The following is a capture of my vpn_route.conf file: # destination router install_on [force_override] Fortigate_net lmcip380 SonicWALL SonicWall_Net lmcip380 Fortigate_50A ~ When I push the policy I get the following message: "Installation completed with warnings: add_install_on_gw_to_set: install on gw object is not a firewall (Fortigate_50A) add_install_on_gw_to_set: install on gw object is not a firewall (SonicWALL)" I am working with Nokia support on this but so far they can't determine why this doesn't work. Any input would be greatly appreciated. Thanks in advance! Beverly ================================================= To set vacation, Out-Of-Office, or away messages, send an email to [EMAIL PROTECTED] in the BODY of the email add: set fw-1-mailinglist nomail ================================================= To unsubscribe from this mailing list, please see the instructions at http://www.checkpoint.com/services/mailing.html ================================================= If you have any questions on how to change your subscription options, email [EMAIL PROTECTED] ================================================= ================================================= To set vacation, Out-Of-Office, or away messages, send an email to [EMAIL PROTECTED] in the BODY of the email add: set fw-1-mailinglist nomail ================================================= To unsubscribe from this mailing list, please see the instructions at http://www.checkpoint.com/services/mailing.html ================================================= If you have any questions on how to change your subscription options, email [EMAIL PROTECTED] =================================================
