VSX Cluster R81.20 with Virtual Router: Best Practice for Dual ISP / Multi-WAN Configuration

oli139405 — Fri, 15 May 2026 09:06:42 GMT

Hello CheckMates,

I am working on a Check Point VSX Cluster R81.20 design and I need confirmation about the correct way to configure dual ISP / multi-WAN when the Internet edge is built with a Virtual Router.

Current topology

I have one VSX Cluster with two physical members:

CP1
CP2

I have two ISP routers:

CSR1 - ISP1
CSR2 - ISP2

The cabling is:

CSR1 ISP1 link 1  -> CP1 eth2
CSR1 ISP1 link 2  -> CP2 eth2

CSR2 ISP2 link 1   -> CP1 eth5
CSR2 ISP2 link 2   -> CP2 eth5

The VSX design uses a Virtual Router as the Internet/interconnect point, and the Virtual Systems are connected to this VR with warp links.

What I tried

In the VSX Cluster object properties, I expected to find:

Other > ISP Redundancy

but this option does not appear.

I understand that classic ISP Redundancy appears on regular Security Gateway / Security Group objects, but not on my VSX Cluster object.

Then I tried to add a second default route in:

VSX Cluster / Virtual Router > Topology > Add Default Route

but the GUI only gives me one place to enter a default gateway. I currently have one default route like:

0.0.0.0/0 -> 10.215.215.4

When I try to add another default route for the second ISP, SmartConsole does not give me a second default gateway field.

Questions

In a traditional VSX Cluster with a Virtual Router, is it expected that Other > ISP Redundancy is not available?
What is the correct supported design for dual ISP in this case?
Should I configure:
- one Virtual Router with eth2 and eth5,
- one default route,
- and then use Advanced Routing / Source-Based Routing for traffic that must exit through the second ISP?
Or should I create two Virtual Routers, for example:

VR-ISP1
  eth2
  default route -> ISP1 CSR

VR-ISP2
  eth5
  default route -> ISP2 CSR

and then connect the relevant Virtual Systems to the appropriate VR?

If I need automatic failover between ISP1 and ISP2 in VSX, what is the recommended method?
- Static routes with different priorities?
- Dynamic routing with the ISP routers?
- Source-Based Routing?
- Another supported VSX method?

Important detail

Each ISP is connected directly to both cluster members:

ISP1: CP1 eth2 + CP2 eth2
ISP2:  CP1 eth5 + CP2 eth5

Any guidance, best practices, or supported configuration examples for multi-ISP on VSX Cluster with Virtual Router would be appreciated.

Thank you.

Re: VSX Cluster R81.20 with Virtual Router: Best Practice for Dual ISP / Multi-WAN Configuration

Chris_Atkinson — Fri, 15 May 2026 13:52:32 GMT

Using virtual routers is uncommon...

Static routes with different priorities? Not supported with VSX per sk79700

Dynamic routing with the ISP routers? Yes - BGP

Source-Based Routing? Supported per sk79700