I am setting up a site-to-site VPN between our Check Point GW and "external partner non-Check Point GW:s".
They want their site #1 to be primary GW and their site #2 to be secondary/backup GW if site #1 goes down.
So VPN normally goes between our CP GW and partner site #1 GW. If that fails, it would go via partner site #2 GW.
From their notes:
Configure "as a simple Active/Standby routing based on VPN tunnel availability and effectiveness. All traffic flows through 1 site and switchover is based on VPN availability (not routing availability).
Needs coherent VPN availability with routing status at Customer premises.
Often used with Active/Standby VPN tunnel functions, for example on Cisco ASA"
According to the Check Point "Site to site admin guide" I shall enable the Backup Gateway options in Global properties.
And then be able to configure GW:s as Primary and Secondary/Backup GW:s.
However, this seems to apply only if all the GW:s are Check Point, and this partner is running another brand.
I am configuring external GW:s as "interoperable device" and it works with site #1, as the only site. But there is no option to choose "Use Backup GW" - and choose a GW as backup.
Maybe I shall configure the partner's GW:s as "Check Point externally managed devices" instead?
If anyone knows how to do this, or can point to some documentation that explains it, that would be great.
In order to see the Backup Gateways on the Externally Managed VPN Gateway:
1) Go to - Menu > Global Properties > VPN > Advanced > add a check mark for Enable Backup Gateway
2) Define an Externally Managed VPN Gateway and go to - IPSec VPN topic
3) At the bottom enable Use Backup Gateway
I hope this is what you were looking for