chinmay_mandal
Explorer

How many external interfaces can be created on an Internet-facing firewall?

We have one Internet-facing FW which has 1 external interface with some public IP address range. While forming a VPN between my organization's FW and a client FW, we are using the virtual IP of the firewall's external interface as the peer IP for my organization.

Can we create a sub-interface on the external interface of the Internet-facing firewall, assign one more public IP subnet, and form VPNs with clients using both the physical external interface and the sub-interface? Is this solution feasible?

0 Kudos
4 Replies
Gomboragchaa
Advisor

You can create multiple external interfaces on the firewall, and they can be dedicated or VLAN interfaces.

Creating VLAN interfaces on physical interface in Gaia OS.

Probably Link Selection could in this case.

VPN R77 Versions Administration Guide 

0 Kudos
Gaurav_Pandya
Advisor

Hi Chinmay,

I am not sure whether it would work or not, but you will face issues with routing. ISP redundancy is a good option.

0 Kudos
Maarten_Sjouw
Champion

Why would you need to use 2 different IP addresses for 2 different functions?

The external IP can be used for normal outbound traffic, for Inbound port NAT and static NAT and on top of that as the VPN end-point for Site-2-Site VPN, RAS and SSL-VPN.

Regards, Maarten
0 Kudos
PhoneBoy
Admin

While we technically support configuring more than one IP on a given interface on a single gateway:

  • We don't recommend it
  • It is not supported if ClusterXL or VRRP is used

See: Support for Sub-interfaces / Alias IP address / Secondary IP address in Check Point products 
