https://community.checkpoint.com/t5/Firewall-and-Security-Management/Check-Point-AWS-Direct-Connectivity-BGP-ECMP/m-p/154234#M26099 <P>Yeah - Thanks for the response. So I hope I dont need to disable best-path selection policy of something. Just like in my other router setup I had to relax best path selection. In case of Check Point if all the attributes match and have ecmp enable I should see multiple paths added in route table.</P><P>&nbsp;</P> Sun, 31 Jul 2022 07:23:38 GMT Blason_R 2022-07-31T07:23:38Z https://community.checkpoint.com/t5/Firewall-and-Security-Management/Check-Point-AWS-Direct-Connectivity-BGP-ECMP/m-p/154211#M26084 <P>Hi Team,</P><P>I have been asked to deploy 4 links to AWS DX connectivity. This is over BGP and I wanted to enable BGP ECMP so that all those links will be utilized. However I wanted to confirm if the traffic leaves from LAN to AWS will be delivered from the same link and if not will firewall accept the connection if receives from other link since its gonna be asynchronous routing.</P><P>Here is diagram - </P><P><span class="lia-inline-image-display-wrapper lia-image-align-inline" image-alt="AWS-Direct Connect Terminatev1.0.13082021.jpg" style="width: 400px;"><img src="https://community.checkpoint.com/t5/image/serverpage/image-id/17345i0405D772A56227F8/image-size/medium?v=v2&amp;px=400" role="button" title="AWS-Direct Connect Terminatev1.0.13082021.jpg" alt="AWS-Direct Connect Terminatev1.0.13082021.jpg" /></span></P><P>&nbsp;</P><P>Any specific considerations?</P> Sat, 30 Jul 2022 03:43:30 GMT https://community.checkpoint.com/t5/Firewall-and-Security-Management/Check-Point-AWS-Direct-Connectivity-BGP-ECMP/m-p/154211#M26084 Blason_R 2022-07-30T03:43:30Z https://community.checkpoint.com/t5/Firewall-and-Security-Management/Check-Point-AWS-Direct-Connectivity-BGP-ECMP/m-p/154212#M26085 <P>As is so long as anti-spoofing is configured correctly to permit traffic on the available paths and the same Firewall see both sides of the flow this shouldn't be a problem.&nbsp;</P> <P>For more information on BGP ECMP and the consideration for the configuration please see&nbsp;<SPAN>sk100504.</SPAN></P> Sat, 30 Jul 2022 04:23:27 GMT https://community.checkpoint.com/t5/Firewall-and-Security-Management/Check-Point-AWS-Direct-Connectivity-BGP-ECMP/m-p/154212#M26085 Chris_Atkinson 2022-07-30T04:23:27Z https://community.checkpoint.com/t5/Firewall-and-Security-Management/Check-Point-AWS-Direct-Connectivity-BGP-ECMP/m-p/154234#M26099 <P>Yeah - Thanks for the response. So I hope I dont need to disable best-path selection policy of something. Just like in my other router setup I had to relax best path selection. In case of Check Point if all the attributes match and have ecmp enable I should see multiple paths added in route table.</P><P>&nbsp;</P> Sun, 31 Jul 2022 07:23:38 GMT https://community.checkpoint.com/t5/Firewall-and-Security-Management/Check-Point-AWS-Direct-Connectivity-BGP-ECMP/m-p/154234#M26099 Blason_R 2022-07-31T07:23:38Z https://community.checkpoint.com/t5/Firewall-and-Security-Management/Check-Point-AWS-Direct-Connectivity-BGP-ECMP/m-p/154235#M26100 <P>To an extent that's what route-maps are for to adjust local_pref or <A href="https://community.checkpoint.com/t5/Security-Gateways/AS-Path-prepending-to-two-different-peers-in-the-same-AS/td-p/132851" target="_self">as-path pre-pending</A> to make the paths seem equal when attributes aren't necessarily as you need them.</P> Sun, 31 Jul 2022 08:37:58 GMT https://community.checkpoint.com/t5/Firewall-and-Security-Management/Check-Point-AWS-Direct-Connectivity-BGP-ECMP/m-p/154235#M26100 Chris_Atkinson 2022-07-31T08:37:58Z