https://community.checkpoint.com/t5/Firewall-and-Security-Management/Can-Loopback-be-Used-as-a-VPN-Source-on-VSX/m-p/143526#M22297 <P>Hi there,</P><P>We have a VSX cluster currently running on version R80.30. We have a requirement to migrate the external IP range to a new subnet (within a different part of the same larger IP address block so we have full control over routing within that block etc). However, we have multiple VPNs terminating on some of the virtual firewalls. I notice that in R81.10, Loopback interfaces are supported on VSX for Dynamic Routing over VPNs, however does anybody know if these could be used (and it is a supported configuration) as the source interface of a standard policy based site to site VPN? (Obviously we would need to add /32 routes externally for the old external address that was then migrated to the loopback).</P><P>Thanks,</P><P>John M</P> Fri, 11 Mar 2022 15:46:34 GMT manny799 2022-03-11T15:46:34Z https://community.checkpoint.com/t5/Firewall-and-Security-Management/Can-Loopback-be-Used-as-a-VPN-Source-on-VSX/m-p/143526#M22297 <P>Hi there,</P><P>We have a VSX cluster currently running on version R80.30. We have a requirement to migrate the external IP range to a new subnet (within a different part of the same larger IP address block so we have full control over routing within that block etc). However, we have multiple VPNs terminating on some of the virtual firewalls. I notice that in R81.10, Loopback interfaces are supported on VSX for Dynamic Routing over VPNs, however does anybody know if these could be used (and it is a supported configuration) as the source interface of a standard policy based site to site VPN? (Obviously we would need to add /32 routes externally for the old external address that was then migrated to the loopback).</P><P>Thanks,</P><P>John M</P> Fri, 11 Mar 2022 15:46:34 GMT https://community.checkpoint.com/t5/Firewall-and-Security-Management/Can-Loopback-be-Used-as-a-VPN-Source-on-VSX/m-p/143526#M22297 manny799 2022-03-11T15:46:34Z https://community.checkpoint.com/t5/Firewall-and-Security-Management/Can-Loopback-be-Used-as-a-VPN-Source-on-VSX/m-p/143538#M22301 <P>Wow, thats super interesting question...I would be curious to know as well. Personally, I never heard of something like that being supported.</P> Fri, 11 Mar 2022 18:43:38 GMT https://community.checkpoint.com/t5/Firewall-and-Security-Management/Can-Loopback-be-Used-as-a-VPN-Source-on-VSX/m-p/143538#M22301 the_rock 2022-03-11T18:43:38Z https://community.checkpoint.com/t5/Firewall-and-Security-Management/Can-Loopback-be-Used-as-a-VPN-Source-on-VSX/m-p/143565#M22310 <P>I've seen dummy DMZ interfaces used for similar in the past, but not tested this approach as yet myself.</P> <P>Suggest requesting a formal answer via TAC or your SE.</P> Sat, 12 Mar 2022 02:12:54 GMT https://community.checkpoint.com/t5/Firewall-and-Security-Management/Can-Loopback-be-Used-as-a-VPN-Source-on-VSX/m-p/143565#M22310 Chris_Atkinson 2022-03-12T02:12:54Z https://community.checkpoint.com/t5/Firewall-and-Security-Management/Can-Loopback-be-Used-as-a-VPN-Source-on-VSX/m-p/143592#M22318 <P>What matters is the IP address you configure for Link Selection, which I assume could be that loopback address.</P> Sun, 13 Mar 2022 13:38:25 GMT https://community.checkpoint.com/t5/Firewall-and-Security-Management/Can-Loopback-be-Used-as-a-VPN-Source-on-VSX/m-p/143592#M22318 PhoneBoy 2022-03-13T13:38:25Z