Netgate Discussion Forum
    Hundreds of IPSEC SA's with pfSense & Check Point VPN

    Category: IPsec
    1 Posts, 1 Posters, 1.1k Views

    jjj

      I have an IKEv2 IPsec VPN set up between a pfSense box and a Check Point appliance. On the pfSense end (local) I have one Phase 2 defined that has their network summary as the remote network (there are multiple subnets within that summary on the remote end). On the Check Point's end, the VPN community (or Phase 2 remote network) is basically 10.0.0.0/8 and 192.168.0.0/16. Right now it has 537 IPsec SAs established. After a while, it will drop back down to 10 and start going up again.

      The connection was dropping a lot, so I enabled "Initiate IKEv2 reauthentication with a make-before-break." I also have "Enable MSS clamping on VPN traffic" checked. On the Check Point end, I have one tunnel per gateway pair enabled.

      Any ideas on what would be causing the huge number of IPsec SAs?

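A diagnostic aid added to this page, not code from the thread, from Netgate, or from pfSense: the script below tallies CHILD_SAs per IKE_SA and per traffic-selector pair from status output in the layout of strongSwan's `swanctl --list-sas` (strongSwan is the IPsec daemon behind pfSense). The point is to tell two very different situations apart before tuning anything: hundreds of SAs that all carry the same local/remote selectors (leftovers piling up across rekeys or reauthentication), versus many SAs with distinct, narrowed selectors (the peer proposing one SA per subnet inside the summary). The sample status text, the connection name `con1000`, the addresses and the counters are all constructed; the state and field names follow strongSwan's output format as I know it, and a real installation may add or reorder lines, so treat the regexes as a starting point.

```python
"""Tally IPsec CHILD_SAs per IKE_SA and per traffic-selector pair.

Parses text in the layout of `swanctl --list-sas` (strongSwan). Feed real
output on stdin; with no stdin, the constructed SAMPLE below is analysed.
"""
import re
import sys
from collections import Counter

# Constructed sample approximating `swanctl --list-sas`. Two CHILD_SAs share
# the same selector pair (an in-flight rekey or a leftover); a third carries
# a narrowed remote selector. Names, SPIs and counters are made up.
SAMPLE = """\
con1000: #7, ESTABLISHED, IKEv2, 1a2b3c4d5e6f7a8b_i* 8b7a6f5e4d3c2b1a_r
  local  'pfsense.example' @ 198.51.100.10[500]
  remote 'checkpoint.example' @ 203.0.113.20[500]
  AES_CBC-256/HMAC_SHA2_256_128/PRF_HMAC_SHA2_256/MODP_2048
  established 3600s ago, reauth in 24000s
  con1000: #41, reqid 1, INSTALLED, TUNNEL, ESP:AES_GCM_16-256
    installed 3500s ago, rekeying in 60s, expires in 500s
    in  c0a80001,   10240 bytes,    80 packets,     2s ago
    out c0a80002,    8192 bytes,    64 packets,     2s ago
    local  192.168.50.0/24
    remote 10.0.0.0/8 192.168.0.0/16
  con1000: #42, reqid 1, INSTALLED, TUNNEL, ESP:AES_GCM_16-256
    installed 1800s ago, rekeying in 1800s, expires in 2200s
    in  c0a80003,       0 bytes,     0 packets
    out c0a80004,       0 bytes,     0 packets
    local  192.168.50.0/24
    remote 10.0.0.0/8 192.168.0.0/16
  con1000: #43, reqid 2, INSTALLED, TUNNEL, ESP:AES_GCM_16-256
    installed 900s ago, rekeying in 2700s, expires in 3100s
    in  c0a80005,    4096 bytes,    32 packets,     1s ago
    out c0a80006,    2048 bytes,    16 packets,     1s ago
    local  192.168.50.0/24
    remote 10.20.0.0/16
"""

# IKE_SA header: no indent.  CHILD_SA header: two spaces.  Child selectors: four.
IKE_LINE = re.compile(r"^(\S+): #(\d+), ([A-Z_]+), IKEv(\d)")
CHILD_LINE = re.compile(r"^  (\S+): #(\d+), reqid (\d+), ([A-Z_]+), (\w+)")
TS_LINE = re.compile(r"^    (local|remote)\s+(.+)$")


def parse_child_sas(text):
    """Return one dict per CHILD_SA with its parent IKE_SA, state and selectors."""
    children, ike, cur = [], None, None
    for line in text.splitlines():
        m = IKE_LINE.match(line)
        if m:
            ike, cur = (m.group(1), int(m.group(2))), None
            continue
        m = CHILD_LINE.match(line)
        if m and ike is not None:
            cur = {"ike": ike, "child_id": int(m.group(2)), "reqid": int(m.group(3)),
                   "state": m.group(4), "local": "", "remote": ""}
            children.append(cur)
            continue
        m = TS_LINE.match(line)
        if m and cur is not None:
            # Normalise selector order so "a b" and "b a" count as the same pair.
            cur[m.group(1)] = " ".join(sorted(m.group(2).split()))
    return children


def summarize(children):
    """Aggregate counts that separate duplicate selectors from narrowed ones."""
    per_ike = Counter(c["ike"] for c in children)
    per_pair = Counter((c["local"], c["remote"]) for c in children)
    return {
        "total": len(children),
        "installed": sum(1 for c in children if c["state"] == "INSTALLED"),
        "per_ike": dict(per_ike),
        "per_pair": dict(per_pair),
        # More than one SA for the same selectors: rekey in flight or stale SA.
        "duplicate_pairs": {k: v for k, v in per_pair.items() if v > 1},
    }


def main():
    text = SAMPLE if sys.stdin.isatty() else sys.stdin.read()
    s = summarize(parse_child_sas(text))
    print(f"CHILD_SAs: {s['total']} total, {s['installed']} INSTALLED")
    for (name, ike_id), n in sorted(s["per_ike"].items()):
        print(f"  {name} #{ike_id}: {n} CHILD_SA(s)")
    print("Selector pairs:")
    for (local, remote), n in sorted(s["per_pair"].items()):
        flag = "  <-- duplicate" if n > 1 else ""
        print(f"  {n:4d}  {local} <-> {remote}{flag}")


if __name__ == "__main__":
    main()
```

Run it as `swanctl --list-sas | python3 sa_tally.py` on the pfSense shell. A healthy tunnel with one Phase 2 should show one INSTALLED CHILD_SA per selector pair, briefly two during a rekey; a count that climbs into the hundreds for a single pair points at SAs that are not being torn down, while many distinct remote selectors inside 10.0.0.0/8 and 192.168.0.0/16 point at per-subnet negotiation by the peer.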
      Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.