https://community.checkpoint.com/t5/Firewall-and-Security-Management/ISP-redundancy-with-Gaia-routes-with-external-host-monitoring/m-p/229321#M44170 <P>Hello Everyone,</P><P><SPAN>I have a situation to see if you can support me with your experience.</SPAN></P><P>Objective: have two redundant links (active Backup) through Gaia,&nbsp;Backup traffic returns to primary link when it recovers.</P><P>Internet provider ISP 1 (eth0)<BR />Internet provider ISP 2 (eth2)<BR />1.1.1.1 dns (cloudflare)</P><P>eth0&nbsp;<BR />inet addr:192.168.240.8 Bcast:192.168.240.255 Mask:255.255.255.0</P><DIV class="">&nbsp;</DIV><P>eth2&nbsp;<BR />inet addr:192.168.230.22 Bcast:192.168.230.255 Mask:255.255.255.0</P><P>&nbsp;</P><P>Static route to the two ISP Gateways, traffic egress priority 192.168.240.253 and as Backup<BR />192.168.230.253<BR /><BR />config on Gaia CLI:<BR /><BR />set ip-reachability-detection ping address 1.1.1.1 enable-ping on<BR />set static-route default nexthop gateway address 192.168.230.253 priority 2 on<BR />set static-route default nexthop gateway address 192.168.240.253 priority 1 on<BR />set static-route default nexthop gateway address 192.168.240.253 monitored-ip 1.1.1.1 on<BR />set static-route default nexthop gateway address 192.168.240.253 monitored-ip-option fail-any<BR />set static-route 1.1.1.1/32 nexthop gateway logical eth0 priority 1 on<BR /><BR /></P><P>The Gateway 192.168.240.253 is monitoring the IP 1.1.1.1 when it stops responding and<BR />the traffic changes to the ISP2 192.168.230.253<BR /><BR />And the monitoring of 1.1.1.1 is done through eth0, which is ISP1, so far everything works<BR />perfectly and if it fails it switches automatically to ISP2<BR /><BR />*** I require that when the primary ISP link recovers, the traffic changes to my primary ISP with<BR />priority 1, how could it be configured? I've tried several ways but I can't get it.<BR /><BR />*Using ISP redundancy in Smart Console is not an option because I need to divide the<BR />traffic with PBR in Gaia<BR /><BR /></P><P>&nbsp;</P><P><BR /><BR /><BR /></P><P>&nbsp;</P> Wed, 09 Oct 2024 20:21:18 GMT MardoqueoRob 2024-10-09T20:21:18Z https://community.checkpoint.com/t5/Firewall-and-Security-Management/ISP-redundancy-with-Gaia-routes-with-external-host-monitoring/m-p/229321#M44170 <P>Hello Everyone,</P><P><SPAN>I have a situation to see if you can support me with your experience.</SPAN></P><P>Objective: have two redundant links (active Backup) through Gaia,&nbsp;Backup traffic returns to primary link when it recovers.</P><P>Internet provider ISP 1 (eth0)<BR />Internet provider ISP 2 (eth2)<BR />1.1.1.1 dns (cloudflare)</P><P>eth0&nbsp;<BR />inet addr:192.168.240.8 Bcast:192.168.240.255 Mask:255.255.255.0</P><DIV class="">&nbsp;</DIV><P>eth2&nbsp;<BR />inet addr:192.168.230.22 Bcast:192.168.230.255 Mask:255.255.255.0</P><P>&nbsp;</P><P>Static route to the two ISP Gateways, traffic egress priority 192.168.240.253 and as Backup<BR />192.168.230.253<BR /><BR />config on Gaia CLI:<BR /><BR />set ip-reachability-detection ping address 1.1.1.1 enable-ping on<BR />set static-route default nexthop gateway address 192.168.230.253 priority 2 on<BR />set static-route default nexthop gateway address 192.168.240.253 priority 1 on<BR />set static-route default nexthop gateway address 192.168.240.253 monitored-ip 1.1.1.1 on<BR />set static-route default nexthop gateway address 192.168.240.253 monitored-ip-option fail-any<BR />set static-route 1.1.1.1/32 nexthop gateway logical eth0 priority 1 on<BR /><BR /></P><P>The Gateway 192.168.240.253 is monitoring the IP 1.1.1.1 when it stops responding and<BR />the traffic changes to the ISP2 192.168.230.253<BR /><BR />And the monitoring of 1.1.1.1 is done through eth0, which is ISP1, so far everything works<BR />perfectly and if it fails it switches automatically to ISP2<BR /><BR />*** I require that when the primary ISP link recovers, the traffic changes to my primary ISP with<BR />priority 1, how could it be configured? I've tried several ways but I can't get it.<BR /><BR />*Using ISP redundancy in Smart Console is not an option because I need to divide the<BR />traffic with PBR in Gaia<BR /><BR /></P><P>&nbsp;</P><P><BR /><BR /><BR /></P><P>&nbsp;</P> Wed, 09 Oct 2024 20:21:18 GMT https://community.checkpoint.com/t5/Firewall-and-Security-Management/ISP-redundancy-with-Gaia-routes-with-external-host-monitoring/m-p/229321#M44170 MardoqueoRob 2024-10-09T20:21:18Z https://community.checkpoint.com/t5/Firewall-and-Security-Management/ISP-redundancy-with-Gaia-routes-with-external-host-monitoring/m-p/229408#M44180 <P>This SK suggests a slightly different configuration is necessary: <A href="https://support.checkpoint.com/results/sk/sk156812" target="_blank">https://support.checkpoint.com/results/sk/sk156812</A>&nbsp;</P> Thu, 10 Oct 2024 15:15:58 GMT https://community.checkpoint.com/t5/Firewall-and-Security-Management/ISP-redundancy-with-Gaia-routes-with-external-host-monitoring/m-p/229408#M44180 PhoneBoy 2024-10-10T15:15:58Z https://community.checkpoint.com/t5/Firewall-and-Security-Management/ISP-redundancy-with-Gaia-routes-with-external-host-monitoring/m-p/231585#M44660 <P>do you mean you would like to move all the existing connections from ISP-2 back to ISP-1 ? that's not technically feasible mostly, since the source IP will change.</P> <P>but new connections should flow successfully from ISP-1 once it's back.<BR />*make sure that the default route changed back to ISP-1.</P> Sun, 03 Nov 2024 19:50:25 GMT https://community.checkpoint.com/t5/Firewall-and-Security-Management/ISP-redundancy-with-Gaia-routes-with-external-host-monitoring/m-p/231585#M44660 AmirArama 2024-11-03T19:50:25Z https://community.checkpoint.com/t5/Firewall-and-Security-Management/ISP-redundancy-with-Gaia-routes-with-external-host-monitoring/m-p/231592#M44661 <P>I remember following the sk Phoneboy gave last year and worked fine.</P> <P>Andy</P> Sun, 03 Nov 2024 20:42:42 GMT https://community.checkpoint.com/t5/Firewall-and-Security-Management/ISP-redundancy-with-Gaia-routes-with-external-host-monitoring/m-p/231592#M44661 the_rock 2024-11-03T20:42:42Z