This website uses Cookies. Click Accept to agree to our website's cookie use as described in our Privacy Policy. Click Preferences to customize your cookie settings.
Accept
Reject
Preferences
ABOUT CHECKMATES CYBER SECURITY COMMUNITY & FAQ
Create a Post
Help
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

Are you a member of CheckMates?

×
Sign in with your Check Point UserCenter/PartnerMap account to access more great content and get a chance to win some Apple AirPods! If you don't have an account, create one now for free!
rdinata01
Explorer
‎2022-09-27 01:03 AM
Jump to solution

ISP Redudancy R80.40 for Network Object

Hello All,

Btw currently im in development for testing ISP redundancy for our internal network using #CP 6900 R80.40 Cluster mode
as, documentation ISP redundancy is working with object using automatic hide nat. im already testing and its working for connection and swing between each ISP like bellow.

 

Host ISP.png

 But somehow, we have plan to use Internet ISP on CP for direct internet user, so i try to use this hide nat for all internal net like bellow, but when i test connection on pc, the connection is not working

Host Subnet.png

 Is there anyone know, and maybe have some advice, how to set isp redundancy for outgoing connection for some subnet/network ? Thanks in advance


 

 

0 Kudos
1 Solution

Accepted Solutions
_Val_
Admin
Admin
‎2022-09-27 01:18 AM
Jump to solution

Manual NAT Hide rules will not work with ISP redundancy, this is mentioned in the documentation and also in sk61692. Define your NET_10.0.0.0 as an object (you did) and set up automatic NAT hide behind the GW for it.

View solution in original post

5 Replies
_Val_
Admin
Admin
‎2022-09-27 01:18 AM
Jump to solution

Manual NAT Hide rules will not work with ISP redundancy, this is mentioned in the documentation and also in sk61692. Define your NET_10.0.0.0 as an object (you did) and set up automatic NAT hide behind the GW for it.

rdinata01
Explorer
‎2022-09-27 01:48 AM
In response to _Val_
Jump to solution

Hi thanks @_Val_ thanks for your advice,
Btw im already set hide nat for the subnet , but, the connection only working with isp defined on IPv4 Cluster IPS, let say, ISP A with ip 103.111 , and im tes isp redundancy wih two isp, ISP A and ISP B # im setting ISP B, is high priority than ISP A, but when i check on user, client still connected to ISP A, and when i shutdown ISP A, the connection is down. Is there any additional configuration ? or should i set ISP A as primary, since i set IPv4 cluster public using ISP A. Thanks


Object.png

###

ISP Conf.png

 

 

 

 

 

 



###

0 Kudos
_Val_
Admin
Admin
‎2022-09-27 02:03 AM
In response to rdinata01
Jump to solution

Uh, you don't like simple life, you are running a Load Sharing config 🙂

Did you remove the manual NAT rule mentioned above? If yes, and if internet connectivity drops after turning of ISP1, check for any routes on the GW for NET_10 object. If you do not have those, open a TAC case, this should work as described above.

0 Kudos
rdinata01
Explorer
‎2022-09-27 02:17 AM
In response to _Val_
Jump to solution

haha
Yes im running load load sharing due to we want to focus our internet user direct via ISP B, so we set 75% and 25% on ISP A for remote access users. for manual nat we already deleted too

and btw thanks for your time, we will check and test it again durring next mw

0 Kudos
_Val_
Admin
Admin
‎2022-09-27 02:05 AM
In response to rdinata01
Jump to solution

Also, look into sk105239, this is your simptom. Most probably a config issue.

0 Kudos

Leaderboard

Epsum factorial non deposit quid pro quo hic escorol.

View All ≫
Upcoming Events

    CheckMates Events