Support Center > Search Results > SecureKnowledge Details
Using "Encryption Domain Per community" feature overrides Encryption Domain for other communities Technical Level
  • Using "Encryption Domain Per community (EDPC)" feature (User Defined) overrides Encryption Domain for other communities.
  • Check Point has a Backend Network of, that sometimes a peer requires to negotiate for a specific subnet/host. If in a particular community users use "User Defined" Network (EDPC) and add, it breaks the connectivity with the Existing tunnels using
This is because of the Check Point infrastructure that is used for the EDPC feature. The current design will break the subnets into different ranges. 

For example, the above subnet ( will be divided into 3 subnets:    -    -   (  -

The tunnels that only require the /30 Subnet work, However, the current design breaks the connectivity with tunnels that are expecting the /24 subnet. Check Point validates the source against each range and only negotiates that particular range with the peers. Eventually  the peers reject it, as they are expecting the /24 subnet in Phase-II negotiations.

Note: To view this solution you need to Sign In .