SamiH
Contributor

Policy Based Routing (PBR) and Domain vpn

Policy Based Routing sk100500 just shortly states that PBR cannot be used with Domain vpn. If I use PBR just for a certain network, am I able to use Domain vpn with other networks or how does it affect Domain vpn?

My other problem is that we have 2 ISPs and some networks need to be routed via ISP1 and some via ISP2. I currently have many s2s domain vpns via ISP1 and at some point would like to start moving them one-by-one to ISP2, but if PBR doesn't work with domain vpn, I don't see a way to do this with one Gateway cluster? If I remove PBR, either the ISP1 or ISP2 owned network will route wrong with static routes.

 

1 Reply
G_W_Albrecht
Legend

This is not true - what the SK states is that:

  • The following features/blades are not supported with PBR:
    • IPv6
    • URL Filtering
    • IPS
    • Locally-generated traffic
    • Security Servers
    • Data Loss Prevention (DLP) blade
    • VPN Domain Based
    • VPN Route Based
    • Anti-Spam blade
    • Mail Transfer Agent (MTA) (relevant for Threat Emulation/Threat Extraction/Data Loss Prevention/Anti-Spam blades)
    • ISP Redundancy
    • The following applications (which use Check Point Active Streaming [CPAS]):
      • VoIP (H323, SIP, Skinny, etc.)
      • HTTPS Inspection
      • HTTP Header Spoofing
      • HTTP Proxy
      • IMAP in IPS

So you cannot use PBR just for a certain network and use Domain VPN with other networks. But you can mix VPN Domain Based and VPN Route Based, see sk109340: Mixing Route Based VPN with Domain Based VPN on the same Security Gateway!

CCSE CCTE CCSM SMB Specialist
