This website uses Cookies. Click Accept to agree to our website's cookie use as described in our Privacy Policy. Click Preferences to customize your cookie settings.
Accept
Reject
Preferences
ABOUT CHECKMATES CYBER SECURITY COMMUNITY & FAQ
Create a Post
Help
cancel
Turn on suggestions
Showing results for 
Search instead for 
Did you mean: 

Are you a member of CheckMates?

×
Sign in with your Check Point UserCenter/PartnerMap account to access more great content and get a chance to win some Apple AirPods! If you don't have an account, create one now for free!
Timothy_Fan
Participant
‎2019-09-22 08:06 PM

Checkpoint 5400 with secondary internet

How can i config the checkpoint with secondary internet ? The interface part only let me to enter the IP address and subnet. How about the gateway and it's new set of DNS ? I want to set the secondary internet for IPSec-VPN only. I searched for post whole days but in vain. THX

0 Kudos
7 Replies
Wolfgang
Authority
Authority
‎2019-09-23 12:09 AM

Timothy,

are you talking about two internet connections ?

Normal configuration for two ISPs will be configured via ISP redundancy :

ISP-redundancy.PNG

 

 

 

 

 

 

 

 

And via VPN link selection you can configure one of the external links as main IP for IPSEC-tunnel.

 

Wolfgang

0 Kudos
Timothy_Fan
Participant
‎2019-09-23 08:43 PM
In response to Wolfgang

Thank you for your reply. i will try that later. but is it i don't need to configure the static routing option in the web ? and can i config 1 vpn with the primary line and the second vpn with the backup line ?

0 Kudos
Wolfgang
Authority
Authority
‎2019-09-24 12:38 PM
In response to Timothy_Fan

Timothy,

the link selection configuration is effective for all VPN connections, you can‘t configure these different for different VPNs.

Can you please explain more detailed your question for configuring routing. 

Wolfgang

0 Kudos
Timothy_Fan
Participant
‎2019-09-24 05:57 PM
In response to Wolfgang

I configured the  ISP redundancy at smartconsole. but in the web "static route" i can only see the "default" route with a single gateway to the first ISP. How about the second ISP gateway ? or i don't need to care about it once the  ISP redundancy is set in smartconsole ? THX

0 Kudos
Wolfgang
Authority
Authority
‎2019-09-25 12:31 AM
In response to Timothy_Fan

The default gateways for the ISPs are set via SmartConsole.

Wolfgang

ISP-redundancy_gateway.PNG

0 Kudos
Timothy_Fan
Participant
‎2019-09-25 07:27 PM
In response to Wolfgang

We have setup ISP redundancy and it seems work bcs we can connect the 2nd ISP IP with smartconsole. However, the VPN is not working. Even i have choose the "Selected address from topology table" IP to the 2nd ISP IP. The log from another side firewall reported "IKE Initiator: Proposed IKE ID mismatch" and further log shows "VPN Policy: VPN_Office2; Local ID: 2nd ISP IP; Remote ID: 1st ISP IP. The checkpoint still answering the 1st ISP IP as and ID. Changing back to 1st ISP IP it working again of course. How come ? THX

0 Kudos
G_W_Albrecht
Legend Legend
Legend
‎2019-09-23 01:25 AM

I would suggest to consult R80.30 Site to Site VPN Administration Guide p. 40ff - Link Selection !

CCSP - CCSE / CCTE / CTPS / CCME / CCSM Elite / SMB Specialist

Leaderboard

Epsum factorial non deposit quid pro quo hic escorol.

View All ≫
Upcoming Events

    Sort by:
    CheckMates Events
    li.common.scroll-to.top