- Products
- Learn
- Local User Groups
- Partners
- More
What's New in R82.10?
Watch HereWhen the Agents Attack
A Live Look at Agentic Exposure Validation
AI Security Masters E8:
Claude Mythos: New Era in Cyber Security
CheckMates Go:
CheckMates Fest
Hi All,
As shown in the diagram, i have a requirement. Site 1 is connected with Remote Site (marked as permanent tunnel) this is working and up. now i need to configure Redundant Tunnel between Site 2 and Remote Site. as per my understanding MEP will work only with checkpoint. what other solution can be provide here and how do i define priority and route.
I just can see a Cisco ASA here - where is which Version/type of CP VPN GW you want a solution for ?
checkpoint at both site is managed by same management
Version
CP -77.30
ASA-9.x
CP -77.30
ASA-9.x
So both CPs have only one VPN tunnel each, but ASA has one main (permanent) and one redundant VPN tunnel - please correct me if i am wrong. So all redundancy configuration must be done on ASA - maybe a Cisco Forum would be more appropriate for this question
.
No,traffic initiator is CP. there is only one VPN tunnel between Site 1 and Remote ASA site. i need to implement a new backup tunnel from site 2 to Remote ASA. in this setup primary tunnel is Site1 to remote ASA. in case of any failure at site 1, the traffic should pass through Site 2 to Remote ASA.
Route Based VPN could be adequate to this scenario, using Numbered VTI. See this discussion:
https://community.checkpoint.com/thread/6641-how-can-i-setup-a-primary-and-backup-s2s-vpn-tunnels
If heading down the route-based VPN path, R80.10 or later on the gateway is strongly recommended. Prior to R80.10 the utilization of the route-based VPN feature required CoreXL to be disabled (i.e. only one Firewall Worker/kernel instance for all traffic processing).
--
Second Edition of my "Max Power" Firewall Book
Now Available at http://www.maxpowerfirewalls.com
if checkpoint gw protecting the same networks and if you don't want to use route based vpn you can try to apply NAT on one of the checkpoint gateways to present different networks for the ASA as encryption domain.
Leaderboard
Epsum factorial non deposit quid pro quo hic escorol.
| User | Count |
|---|---|
| 13 | |
| 12 | |
| 9 | |
| 7 | |
| 4 | |
| 4 | |
| 3 | |
| 3 | |
| 3 | |
| 3 |
Thu 09 Jul 2026 @ 10:00 AM (CEST)
Schutz souveräner Workloads: Check Point & die AWS European Sovereign CloudThu 09 Jul 2026 @ 11:00 AM (CEST)
The Cloud Architects Series: Check Point Edge Protection SD-WAN & SASEThu 09 Jul 2026 @ 11:00 AM (EDT)
Tips and Tricks 2026 #9 - What's New with Check Point Email SecurityFri 10 Jul 2026 @ 11:00 AM (IDT)
CheckMates Live Netherlands - Sessie 48: Nieuwe Check Point Workspace SecurityTue 14 Jul 2026 @ 10:00 AM (PDT)
AI Security Masters E11: READY OR NOT: Securing the AI Enterprise 3/5 - AI Workforce SecurityThu 30 Jul 2026 @ 10:00 AM (PDT)
AI Security Masters E12: READY OR NOT: Securing the AI Enterprise 4/5 - AI GatewayThu 09 Jul 2026 @ 11:00 AM (EDT)
Tips and Tricks 2026 #9 - What's New with Check Point Email SecurityFri 10 Jul 2026 @ 11:00 AM (IDT)
CheckMates Live Netherlands - Sessie 48: Nieuwe Check Point Workspace SecurityTue 14 Jul 2026 @ 10:00 AM (PDT)
AI Security Masters E11: READY OR NOT: Securing the AI Enterprise 3/5 - AI Workforce SecurityThu 30 Jul 2026 @ 10:00 AM (PDT)
AI Security Masters E12: READY OR NOT: Securing the AI Enterprise 4/5 - AI GatewayThu 20 Aug 2026 @ 10:00 AM (PDT)
AI Security Masters E13: READY OR NOT: Securing the AI Ent 5/5 - AI Research & Threat LandscapeAbout CheckMates
Learn Check Point
Advanced Learning
YOU DESERVE THE BEST SECURITY