This website uses Cookies. Click Accept to agree to our website's cookie use as described in our Privacy Policy. Click Preferences to customize your cookie settings.
Accept
Reject
Preferences
ABOUT CHECKMATES CYBER SECURITY COMMUNITY & FAQ
Create a Post
Help
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

Are you a member of CheckMates?

×
Sign in with your Check Point UserCenter/PartnerMap account to access more great content and get a chance to win some Apple AirPods! If you don't have an account, create one now for free!
skandshus
Advisor
Advisor
‎2023-09-02 07:31 AM
Jump to solution

VPN Community with a remote device that has ISP redundancy

Hello everybody

 

 

Right now having a Check-point Open server running R81.20 with a VPN community connecting to a Checkpoint 1570 device which has 2 ip addresses.

 

 

so Local gateway has 1 ip

remote gateway has 2

 

if primary connection drops out on remote gateway the Site-to-site connection drops because there is no automatic ISP redundancy on the VPN site. right now i have to manually remove the device from the VPN Community and add the device again but with the secondary ip address to fix this. and bring up the tunnel again.

 

I have created 2 Interoperable device for this. 1 with Primary ip address. and 1 with secondary ip address.


there must be a way to avoid this, can anybody shed some light over this. Looking in the support articles doesnt seem to clear about how i can achieve this

0 Kudos
1 Solution

Accepted Solutions
PhoneBoy
Admin
Admin
‎2023-09-05 12:52 PM
Jump to solution

You can probably do something similar to the following: https://support.checkpoint.com/results/sk/sk174848
The part that is most relevant to your situation is how the VPN community is configured (both "interoperable devices" part of the encryption domain and enabling/configuring MEP in the community).

View solution in original post

2 Replies
PhoneBoy
Admin
Admin
‎2023-09-05 12:52 PM
Jump to solution

You can probably do something similar to the following: https://support.checkpoint.com/results/sk/sk174848
The part that is most relevant to your situation is how the VPN community is configured (both "interoperable devices" part of the encryption domain and enabling/configuring MEP in the community).

the_rock
Legend
Legend
‎2023-09-05 03:42 PM
Jump to solution

I once got ask super valid question by the cusotmer..."Andy, whats even the point of ISP redundancy for S2S vpn tunnels, when there wont be automatic failover to 2nd link if primary fails and you have to do everything manually?"

I could not give them a good answer, because its totally LOGICAL question.

I think sk Phoneboy gave you is your best option.

Andy

0 Kudos

Leaderboard

Epsum factorial non deposit quid pro quo hic escorol.

View All ≫
Upcoming Events

    CheckMates Events