cancel
Showing results for 
Search instead for 
Did you mean: 
Create a Post

Site to Site VPN with non CheckPoint GW and backup GW

Jump to solution

Hi.
I am setting up site to site VPN between our Check Point GW and "external partner none CheckPoint GW:s".
They want their site #1 to be primary GW and their site #2 to be secondary/backup GW if site #1 goes down.

So VPN normally goes between our CP GW and partner site #1 GW. If that fails, it would go via partner site #2 GW.

From their notes:

Configure  "as a simple Active/Standby routing based on VPN tunnel availability and effectiveness. All traffic flows through 1 site and switchover is based on VPN availability (not routing availability)
Needs coherent VPN availability with routing status at Customer premises.
Often used with Active/Standby VPN tunnel functions, for example on Cisco ASA"

According to CheckPoint "Site to site admin guide" I shall enable the Backup Gateway options in Global properties.
And then be able to configure GW:s as Primary and Secondary/Backup GW:s.
However, this seems only to apply if all the GW is CheckPoint, and this partner is running other brand.

I am configuring external GW:s as "interoperable device" and it works with site #1, as the only site. But there is no option to choose "Use Backup GW" - and choose a GW as backup.

Maybe I shall configure the partners GW:s as "Check Point externally managed devices" instead?
Anyone know how to do or point to some documentation that explains would be great?
Thank´s, Tobias

0 Kudos
1 Solution

Accepted Solutions
Highlighted
Employee++
Employee++

Re: Site to Site VPN with non CheckPoint GW and backup GW

Jump to solution

Hi

 

In order to see the Back Gateways on the Externally Managed VPN Gateway:

1) Go to - Menu > Global Properties > VPN > Advanced > add check-in for Enable Backup Gateway

2) Define an Externally Managed VPN Gateway and go to - IPSec VPN topic

3) At the bottom enable Use Backup Gateway

 

I hope this is what you were looking for

Tal

 

 

3 Replies
Highlighted
Employee++
Employee++

Re: Site to Site VPN with non CheckPoint GW and backup GW

Jump to solution

Hi

 

In order to see the Back Gateways on the Externally Managed VPN Gateway:

1) Go to - Menu > Global Properties > VPN > Advanced > add check-in for Enable Backup Gateway

2) Define an Externally Managed VPN Gateway and go to - IPSec VPN topic

3) At the bottom enable Use Backup Gateway

 

I hope this is what you were looking for

Tal

 

 

Re: Site to Site VPN with non CheckPoint GW and backup GW

Jump to solution
Thank you very much. Setting up the external, third party GW:s as "External Managed Check Point Gateway" did the trick 🙂
0 Kudos

Re: Site to Site VPN with non CheckPoint GW and backup GW

Jump to solution

Maybe you can find it here: Site to Site VPN Administration Guide R80.20 p.38.