
Checkpoint 5400 with secondary internet

How can I configure the Check Point with a secondary internet connection? The interface part only lets me enter the IP address and subnet. How about the gateway and its new set of DNS servers? I want to set the secondary internet for IPsec VPN only. I searched for posts for whole days, but in vain. THX

0 Kudos
7 Replies
Wolfgang
Silver

Re: Checkpoint 5400 with secondary internet

Timothy,

Are you talking about two internet connections?

The normal configuration for two ISPs is done via ISP redundancy:

ISP-redundancy.PNG

And via VPN link selection you can configure one of the external links as the main IP for the IPsec tunnel.

Wolfgang

0 Kudos

Re: Checkpoint 5400 with secondary internet

Thank you for your reply. I will try that later. But is it the case that I don't need to configure the static routing option in the web? And can I configure one VPN with the primary line and the second VPN with the backup line?

0 Kudos
Wolfgang
Silver

Re: Checkpoint 5400 with secondary internet

Timothy,

The link selection configuration is effective for all VPN connections; you can't configure it differently for different VPNs.

Can you please explain your question about configuring routing in more detail?

Wolfgang

0 Kudos

Re: Checkpoint 5400 with secondary internet

I configured the ISP redundancy in SmartConsole, but in the web "static route" I can only see the "default" route with a single gateway to the first ISP. How about the second ISP gateway? Or do I not need to care about it once the ISP redundancy is set in SmartConsole? THX

0 Kudos
Wolfgang
Silver

Re: Checkpoint 5400 with secondary internet

The default gateways for the ISPs are set via SmartConsole.

Wolfgang

ISP-redundancy_gateway.PNG

0 Kudos

Re: Checkpoint 5400 with secondary internet

We have set up ISP redundancy and it seems to work because we can connect to the 2nd ISP IP with SmartConsole. However, the VPN is not working, even though I have chosen the 2nd ISP IP as the "Selected address from topology table" IP. The log from the firewall on the other side reported "IKE Initiator: Proposed IKE ID mismatch" and a further log shows "VPN Policy: VPN_Office2; Local ID: 2nd ISP IP; Remote ID: 1st ISP IP". The Check Point is still answering with the 1st ISP IP as an ID. Changing back to the 1st ISP IP, it works again, of course. How come? THX

0 Kudos

Re: Checkpoint 5400 with secondary internet

I would suggest consulting the R80.30 Site to Site VPN Administration Guide, p. 40ff - Link Selection!