Configuring Advanced Site to Site Settings
Quantum Spark 1500, 1600 and 1800 Appliance Series R80.20.40 Locally Managed Administration Guide | 243
Tunnel Health Monitoring
Dead Peer Detection (DPD) is an additional keepalive mechanism supported by the Check Point Security
Gateway to test if VPN tunnels are active. DPD uses IPsec traffic to minimize the number of messages
required to confirm the availability of a peer and requires an IPsec established tunnel. The DPD mechanism
is based on IKE encryption keys only.
The feature also allows you to monitor permanent tunnels based on DPD for both IKEv1 and IKEv2.
In active mode, a peer that is configured as DPD receives DPD Hello requests at regular intervals if there is
no incoming IPSec traffic for 10 seconds.
To test if a VPN tunnel is active:
Select a Tunnel health monitoring method
n
Tunnel test (Check Point Proprietary) – Works only between Check Point gateways.
n
DPD (Dead Peer Detection)
In DPD responder mode, the Check Point gateway sends the IKEv1 Vendor ID to peers from which the
DPD Vendor ID was received and answers incoming DPD packets.
To enable DPD responder mode:
Select the checkbox.
To Next Page
Loading...
Need help?
General
