https://community.checkpoint.com/t5/Firewall-and-Security-Management/Setup-multiple-VPN-tunnel-between-checkpoint-firewall-and-third/m-p/167177#M30212 <P>Hello experts</P><P>&nbsp;</P><P>We are trying to establish site to site vpn tunnel to third party through checkpoint firewall. Due to one tunnel bandwidth limitation, we need to setup multiple tunnels between them. We noticed there's problem to establish multiple between 2 endpoints. Just wondering if below solution will help?</P><P>&nbsp;</P><P>client --&gt; internal firewall --&gt; external firewall --&gt; third party endpoint</P><P>&nbsp;</P><P>We will try to configure multiple VTI to different remote ip at internal firewall, So vpn tunnel will be between internal firewall and third party endpoint.&nbsp; And we will nat VTI IP to different public ip address at external firewall and nat all remote ips to same third party endpoint.</P><P>&nbsp;</P><P>So in theory, internal firewall will think it is connecting to multiple different endpoints. From third party point of view, all tunnel coming from different source.</P><P>&nbsp;</P><P>Then we add multiple static route at internal firewall pointing to same destination with same cost to achieve ECMP.</P><P>Is this solution possible?&nbsp;</P><P>Thanks in advance for your response.</P><P>&nbsp;</P><P>Cheers</P><P>Frank</P> Mon, 09 Jan 2023 20:26:24 GMT FrankXie 2023-01-09T20:26:24Z https://community.checkpoint.com/t5/Firewall-and-Security-Management/Setup-multiple-VPN-tunnel-between-checkpoint-firewall-and-third/m-p/167177#M30212 <P>Hello experts</P><P>&nbsp;</P><P>We are trying to establish site to site vpn tunnel to third party through checkpoint firewall. Due to one tunnel bandwidth limitation, we need to setup multiple tunnels between them. We noticed there's problem to establish multiple between 2 endpoints. Just wondering if below solution will help?</P><P>&nbsp;</P><P>client --&gt; internal firewall --&gt; external firewall --&gt; third party endpoint</P><P>&nbsp;</P><P>We will try to configure multiple VTI to different remote ip at internal firewall, So vpn tunnel will be between internal firewall and third party endpoint.&nbsp; And we will nat VTI IP to different public ip address at external firewall and nat all remote ips to same third party endpoint.</P><P>&nbsp;</P><P>So in theory, internal firewall will think it is connecting to multiple different endpoints. From third party point of view, all tunnel coming from different source.</P><P>&nbsp;</P><P>Then we add multiple static route at internal firewall pointing to same destination with same cost to achieve ECMP.</P><P>Is this solution possible?&nbsp;</P><P>Thanks in advance for your response.</P><P>&nbsp;</P><P>Cheers</P><P>Frank</P> Mon, 09 Jan 2023 20:26:24 GMT https://community.checkpoint.com/t5/Firewall-and-Security-Management/Setup-multiple-VPN-tunnel-between-checkpoint-firewall-and-third/m-p/167177#M30212 FrankXie 2023-01-09T20:26:24Z https://community.checkpoint.com/t5/Firewall-and-Security-Management/Setup-multiple-VPN-tunnel-between-checkpoint-firewall-and-third/m-p/167179#M30213 <P><a href="https://community.checkpoint.com/t5/user/viewprofilepage/user-id/79384">@FrankXie</a>&nbsp;@very interesting idea but answer will be NO&nbsp;<span class="lia-unicode-emoji" title=":disappointed_face:">😞</span></P> <P>Between Check Points gateways you can use more then one link for a VPN connection and you can dorthin LoadSharing. But with third party, I‘m not aware of any solution.<BR /><SPAN>How about your VPN bandwidth limitation? Let‘s talk about these limitation youˋre referring to, please explain.</SPAN></P> Mon, 09 Jan 2023 20:42:38 GMT https://community.checkpoint.com/t5/Firewall-and-Security-Management/Setup-multiple-VPN-tunnel-between-checkpoint-firewall-and-third/m-p/167179#M30213 Wolfgang 2023-01-09T20:42:38Z https://community.checkpoint.com/t5/Firewall-and-Security-Management/Setup-multiple-VPN-tunnel-between-checkpoint-firewall-and-third/m-p/167180#M30214 <P>Hi&nbsp;<a href="https://community.checkpoint.com/t5/user/viewprofilepage/user-id/1447">@Wolfgang</a>&nbsp;</P><P>Can you please share more detail why it is not possible?</P><P>It is third party's limitation regarding bandwidth per tunnel. Take Zscaler as an example. Only 400M throughput supported per tunnel.</P><P>&nbsp;</P><P>Cheers</P><P>&nbsp;</P> Mon, 09 Jan 2023 20:51:55 GMT https://community.checkpoint.com/t5/Firewall-and-Security-Management/Setup-multiple-VPN-tunnel-between-checkpoint-firewall-and-third/m-p/167180#M30214 FrankXie 2023-01-09T20:51:55Z