Configuring Advanced Site to Site Settings
R81.10.X Quantum Spark 1500, 1600, 1800, 1900, 2000 Appliances Locally Managed Administration Guide|356
Tunnel Health Monitoring
Dead Peer Detection (DPD) is an additional keepalive mechanism supported by the Check Point Security Gateway to test if VPN tunnels are active. DPD uses IPsec traffic to minimize the number of messages required to confirm the availability of a peer and requires an established IPsec tunnel. The DPD mechanism is based on IKE encryption keys only.
The feature also allows you to monitor permanent tunnels based on DPD for both IKEv1 and IKEv2.
In active mode, a peer that is configured as DPD receives DPD Hello requests at regular intervals if there is no incoming IPsec traffic for 10 seconds.
To test if a VPN tunnel is active:
Select a Tunnel health monitoring method:
- Tunnel test (Check Point Proprietary) – Works only between Check Point gateways.
- DPD (Dead Peer Detection)
In DPD responder mode, the Check Point gateway sends the IKEv1 Vendor ID to peers from
which the DPD Vendor ID was received and answers incoming DPD packets.
To enable DPD responder mode:
Select the checkbox.
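The responder behavior described above, sketched at the payload level as an added example (not Check Point code): it uses the IKEv1 DPD Vendor ID and the R-U-THERE / R-U-THERE-ACK notify layout from RFC 3706. The function names and sample values are constructed for illustration, and the encrypted, HASH-protected Informational exchange that carries these payloads is assumed to be handled elsewhere.

```python
import struct

# DPD Vendor ID from RFC 3706: 14 fixed bytes, then major and minor version.
DPD_VID_PREFIX = bytes.fromhex("afcad71368a1f1c96b8696fc7757")
R_U_THERE, R_U_THERE_ACK = 36136, 36137  # RFC 3706 notify message types
# next payload, reserved, length, DOI, protocol ID, SPI size, type, cookies, seq
NOTIFY_FMT = "!BBHIBBH16sI"
NOTIFY_LEN = struct.calcsize(NOTIFY_FMT)  # 32 bytes

# Constructed sample values (not captured traffic).
SAMPLE_COOKIES = bytes(range(16))            # initiator cookie + responder cookie
SAMPLE_VIDS = [DPD_VID_PREFIX + b"\x01\x00"]  # DPD VID, version 1.0

def peer_supports_dpd(vendor_ids):
    """True if any Vendor ID payload body received from the peer is the DPD VID."""
    return any(len(v) == 16 and v.startswith(DPD_VID_PREFIX) for v in vendor_ids)

def build_notify(msg_type, cookies, seq):
    """Build an ISAKMP Notify payload carrying a DPD sequence number."""
    # DOI 1 = IPsec DOI, protocol 1 = ISAKMP, SPI size 16 = two 8-byte cookies.
    return struct.pack(NOTIFY_FMT, 0, 0, NOTIFY_LEN, 1, 1, 16, msg_type, cookies, seq)

def respond(payload, sa_cookies, peer_vendor_ids):
    """Responder side: return an R-U-THERE-ACK, or None if the request is dropped."""
    if not peer_supports_dpd(peer_vendor_ids):
        return None  # peer never announced DPD during IKE negotiation
    if len(payload) != NOTIFY_LEN:
        return None  # malformed or truncated payload
    _, _, length, doi, proto, spi_size, msg_type, cookies, seq = struct.unpack(
        NOTIFY_FMT, payload)
    if (length, doi, proto, spi_size, msg_type) != (NOTIFY_LEN, 1, 1, 16, R_U_THERE):
        return None  # not a well-formed R-U-THERE
    if cookies != sa_cookies:
        return None  # request does not belong to this IKE SA
    # The ACK echoes the sequence number so the sender can match it to its request.
    return build_notify(R_U_THERE_ACK, cookies, seq)

if __name__ == "__main__":
    request = build_notify(R_U_THERE, SAMPLE_COOKIES, 7)
    print(respond(request, SAMPLE_COOKIES, SAMPLE_VIDS).hex())
```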