https://community.checkpoint.com/t5/Firewall-and-Security-Management/VPN-problem-in-ISP-redundancy-scenario/m-p/197560#M36903 <P>Hi mates,</P><P>&nbsp;</P><P><SPAN>Our client has a WAN site with dual ISPs connecting to the Central Management Gateway. They want to&nbsp; implement ISP redundancy. In the event of a failover, the WAN site should establish a VPN connection over the secondary ISP to the central gateway. We've configured ISP redundancy using the Smart Console. However, during our failover tests (unplugging the cable or disabling the interface), while routing successfully switches to the second ISP, the VPN seems to encounter issues. The remote site indicates that the VPN is up, but the internal subnet behind the gateway cannot reach the central management internal IPs over the VPN.</SPAN></P><P><SPAN>Other point is, central gateway is trying to establish VPN with failovered ISP´s IP.&nbsp;</SPAN></P><P>&nbsp;</P><P>Thnks.</P> Thu, 09 Nov 2023 09:00:42 GMT starmen2000 2023-11-09T09:00:42Z https://community.checkpoint.com/t5/Firewall-and-Security-Management/VPN-problem-in-ISP-redundancy-scenario/m-p/197560#M36903 <P>Hi mates,</P><P>&nbsp;</P><P><SPAN>Our client has a WAN site with dual ISPs connecting to the Central Management Gateway. They want to&nbsp; implement ISP redundancy. In the event of a failover, the WAN site should establish a VPN connection over the secondary ISP to the central gateway. We've configured ISP redundancy using the Smart Console. However, during our failover tests (unplugging the cable or disabling the interface), while routing successfully switches to the second ISP, the VPN seems to encounter issues. The remote site indicates that the VPN is up, but the internal subnet behind the gateway cannot reach the central management internal IPs over the VPN.</SPAN></P><P><SPAN>Other point is, central gateway is trying to establish VPN with failovered ISP´s IP.&nbsp;</SPAN></P><P>&nbsp;</P><P>Thnks.</P> Thu, 09 Nov 2023 09:00:42 GMT https://community.checkpoint.com/t5/Firewall-and-Security-Management/VPN-problem-in-ISP-redundancy-scenario/m-p/197560#M36903 starmen2000 2023-11-09T09:00:42Z https://community.checkpoint.com/t5/Firewall-and-Security-Management/VPN-problem-in-ISP-redundancy-scenario/m-p/197568#M36904 <P>Hi,</P> <P>if all VPN peers are Checkpoint &amp; Centrally managed, you may want to consider using our Quantum SD-WAN for overlay and VPN resiliency.&nbsp;</P> Thu, 09 Nov 2023 09:52:14 GMT https://community.checkpoint.com/t5/Firewall-and-Security-Management/VPN-problem-in-ISP-redundancy-scenario/m-p/197568#M36904 AmirArama 2023-11-09T09:52:14Z https://community.checkpoint.com/t5/Firewall-and-Security-Management/VPN-problem-in-ISP-redundancy-scenario/m-p/197574#M36905 <P>Yes, they are centrally managed. Maybe customer can think about it, we alredy informed the customer about sd-wan solutions. Quick question, can customer test it on current environment. As I know, Sd-wan runs on inifinity portal, but on infinity portal I could not see any eval license option. How it works POC on infinity portal?</P> Thu, 09 Nov 2023 11:15:17 GMT https://community.checkpoint.com/t5/Firewall-and-Security-Management/VPN-problem-in-ISP-redundancy-scenario/m-p/197574#M36905 starmen2000 2023-11-09T11:15:17Z https://community.checkpoint.com/t5/Firewall-and-Security-Management/VPN-problem-in-ISP-redundancy-scenario/m-p/197576#M36906 <P>of course it can be tested on current environment, we just need to see if the env has no known limitations with SD-WAN. check it out here (<A href="https://support.checkpoint.com/results/sk/sk180605" target="_blank">https://support.checkpoint.com/results/sk/sk180605</A>)</P> <P>there is no need for license for the infinity portal. just create account, connect on prem mgmt (i assume?) to the infinity (from the infinity tab).</P> <P>you just need to enable appi/urlf/vpn for that on all SD-WAN GWs.</P> <P>if you need assistance in the POC/planning, feel free to contact me at&nbsp;<A href="mailto:amirar@checkpoint.com" target="_blank">amirar@checkpoint.com</A></P> <P>&nbsp;</P> Thu, 09 Nov 2023 11:41:26 GMT https://community.checkpoint.com/t5/Firewall-and-Security-Management/VPN-problem-in-ISP-redundancy-scenario/m-p/197576#M36906 AmirArama 2023-11-09T11:41:26Z