Thanks, now to add a further spin! What if the manager changed and SIC was established with another manager, would the VPNs break instantly or not until a new policy was pushed from the new manager? Basically, I assume there is no real way to keep a VPN intact and hardly any downtime if a new manager was deployed, changing the VPN from cert to pre-shared key. Cheers

On Tue, 24 May 2011 01:34 BST David DeSimone wrote:
>Since we just recently had this happen to us on our network, I can
>confirm that this is exactly what happens.
>
>Certificate-based VPNs will fail within 24 hours due to the gateways'
>inability to load the CRL.
>
>Pre-shared secret VPNs will continue to operate, presumably
>indefinitely.
>
>
>Independent IT Consultant <[email protected]> wrote:
>>
>> It greatly depends on the *type* of VPN. If using certificates (such
>> as with Edges or other gateways that are centrally managed), then
>> the limiting factor is the CRL expiration on the ICA, which is, by
>> default, 24 hours. In this case, tunnels that can't validate their
>> certificates will fail after that CRL timeout period. Remember,
>> it's 24 hours after the last CRL refresh, not necessarily 24 hours
>> after the SMC went down. With VPNs to external gateways using shared
>> secret, they may work indefinitely, but I wouldn't guarantee it.
>>
>>
>> On Mon, May 23, 2011 at 12:45 PM, Peter Addy <[email protected]> wrote:
>>
>> > Curious, does anyone know how long would VPNs continue to work if a
>> > SmartCenter was down and not available for ? And if they do stop why
>> > is this so, or do they simply continue to run but changes cannot be
>> > made until the manager was restored? Thanks
>
>--
>David DeSimone == Network Admin == [email protected]
> "I don't like spinach, and I'm glad I don't, because if I
> liked it I'd eat it, and I just hate it." -- Clarence Darrow
