I am setting up site to site VPN between our Check Point GW and "external partner none CheckPoint GW:s".
They want their site #1 to be primary GW and their site #2 to be secondary/backup GW if site #1 goes down.
So VPN normally goes between our CP GW and partner site #1 GW. If that fails, it would go via partner site #2 GW.
From their notes:
Configure "as a simple Active/Standby routing based on VPN tunnel availability and effectiveness. All traffic flows through 1 site and switchover is based on VPN availability (not routing availability)
Needs coherent VPN availability with routing status at Customer premises.
Often used with Active/Standby VPN tunnel functions, for example on Cisco ASA"
According to CheckPoint "Site to site admin guide" I shall enable the Backup Gateway options in Global properties.
And then be able to configure GW:s as Primary and Secondary/Backup GW:s.
However, this seems only to apply if all the GW is CheckPoint, and this partner is running other brand.
I am configuring external GW:s as "interoperable device" and it works with site #1, as the only site. But there is no option to choose "Use Backup GW" - and choose a GW as backup.
Maybe I shall configure the partners GW:s as "Check Point externally managed devices" instead?
Anyone know how to do or point to some documentation that explains would be great?