Support Center > Search Results > SecureKnowledge Details
Using "Encryption Domain Per community" feature overrides Encryption Domain for other communities Technical Level
  • Using "Encryption Domain Per community (EDPC)" feature (User Defined) overrides Encryption Domain for other communities.
  • As an example of a problematic subnet, Check Point has a Backend Network, A VPN peer sometimes needs to access this Backend Network to negotiate for a specific subnet/host. If in a particular community users use "User Defined" Network (EDPC) and add, it breaks the connectivity with the Existing tunnels using

This is default behavior according to the design of the Check Point infrastructure used for the EDPC feature. The current design breaks the subnets into different ranges.

For example, the above subnet ( is divided into 3 subnets:

  • from to
  • from to (
  • from to

The only tunnels that work are those that require the /30 subnet. However, the current design breaks the connectivity with tunnels that require the /24 subnet.

Check Point validates the source against each range and only negotiates that particular range with the peers.

Eventually, the peers reject it, as they are expecting the /24 subnet in Phase-II negotiations.

Note: To view this solution you need to Sign In .