This website uses Cookies. Click Accept to agree to our website's cookie use as described in our Privacy Policy. Click Preferences to customize your cookie settings.
Accept
Reject
Preferences
ABOUT CHECKMATES CYBER SECURITY COMMUNITY & FAQ
Create a Post
Help
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

Are you a member of CheckMates?

×
Sign in with your Check Point UserCenter/PartnerMap account to access more great content and get a chance to win some Apple AirPods! If you don't have an account, create one now for free!
beneaton
Contributor
‎2020-02-13 03:44 AM
Jump to solution

Multiple Satelitte Gateways - VPN Setup

Hi all,

Could anyone help me out at all? Even if there's a guide I've missed, or a CheckMates post already on this (I did search, but only found some questions vaguely similar) that'd be great.

I am wanting to setup 2 VPN Tunnels/1 Community
A Side (Me) - Check Point Sec GW R80.10
B Side - 2 x AWS Cloud GWs

We've had "Tunnel 1" setup already, and when we put traffic through it, it did work. So that should be fine.
Struggling with how to setup "Tunnel 2".

The only differences between Tunnel 1 and Tunnel 2:
IPs are not the IPs in use, just examples which reflect the same scenario -

T1:
Outside Customer GW: 28.226.247.191
Outside Virtual GW: 28.200.211.101
Inside Customer GW: 159.254.87.40/30
Inside Virtual GW: 159.254.87.39/30
Next Hop: 159.254.87.39
T2:
Outside Customer GW: 28.226.147.191
Outside Virtual GW: 28.203.110.6
Inside Customer GW: 159.254.184.96/30
Inside Virtual GW: 159.254.184.95/30
Next Hop: 159.254.184.95


So a Star Community?
Center - My Cluster object
Satelittes - Both Interoperable devices?
Tunnel - Per subnet pair or Per gateway pair?
VPN Routing - Center only?

In the Interoperable device -
IP: Outside Virtual Private Gateway IP?
Topology: Manually defined ENC domain (group to be empty?)


I appreciate any input in advance.


Thanks,
Ben

0 Kudos
1 Solution

Accepted Solutions
5 Replies
Maarten_Sjouw
Champion
Champion
‎2020-02-13 03:48 AM
Jump to solution

First and foremost important question: Is this Route based VPN where Tunnel 2 is the backup to Tunnel1?
Regards, Maarten
0 Kudos
beneaton
Contributor
‎2020-02-13 03:50 AM
In response to Maarten_Sjouw
Jump to solution

Hi Maarten,

Sorry yes, the 2nd tunnel is to be used for redundancy.

Thanks

0 Kudos
_Val_
Admin
Admin
‎2020-02-13 03:53 AM
In response to beneaton
Jump to solution

Uh, that changes things a bit. Look here: https://supportcenter.checkpoint.com/supportcenter/portal?eventSubmit_doGoviewsolutiondetails=&solut...

 

beneaton
Contributor
‎2020-02-13 04:20 AM
In response to _Val_
Jump to solution

That guide looks comprehensive, and mentions Tunnel 1 / Tunnel 2 - It does advise how to setup BGP, which was another question I had whether BGP was needed or not. Happy to try this. Thank you very much!
0 Kudos
_Val_
Admin
Admin
‎2020-02-13 03:51 AM
Jump to solution

Hi,

it depends on your needs. You can either do two communities, or a single star with your physical cluster in the center and some optional VPN routing between satellites. Center only means traffic between satellites will not be passing through. 

Use per par of GWs, as recommended here: https://supportcenter.checkpoint.com/supportcenter/portal?eventSubmit_doGoviewsolutiondetails=&solut...


0 Kudos

Leaderboard

Epsum factorial non deposit quid pro quo hic escorol.

View All ≫
Upcoming Events

    CheckMates Events