Ivory

Which VPN to choose to set up with cloud-based proxy vendors

Hi everyone, 

 

I need to set up 2 VPNs (Primary & Secondary) from my CP to a cloud-based proxy vendor. Now I want to know which type of VPN I need to set up between the peers, either policy-based or route-based.

I need to forward all Internet traffic to this VPN tunnel so it can be proxied by the cloud-based proxy solution.

If I set up a policy-based VPN, how will traffic be shifted to the secondary VPN if my primary tunnel goes down?

0 Kudos
5 Replies
Admin

Without knowing what vendor we're talking about, what instructions they provide, and your gateway version/JHF level, it's impossible to provide accurate advice here.
But, in general, DPD is an industry-standard mechanism that can be used for failover purposes.
0 Kudos
Ivory

The vendor is Symantec, and they said to forward all internet traffic to them via VPN; they will proxy the traffic and forward it to the internet post NAT.

I am using R80.10 and want to know, if I configure a policy-based VPN, how my GW will start using the backup tunnel in case the primary tunnel goes down.

If I use a route-based tunnel, in that case I need to create a tunnel interface and set the default route to that VTI.

I want to confirm which type of VPN will be good to have in this situation.

0 Kudos
Employee++

The tunnels won't be GRE, that much is for certain.

Is there a specific reason you need the 3rd party proxy rather than leveraging the capabilities of your Check Point?

0 Kudos

Have you considered CloudGuard Connect, letting you unify your on-prem and cloud policies under a single management and achieving a consistent NSS-certified high level of security?

 


Silver

https://support.symantec.com/us/en/article.tech253914.html

When vendors want you to do this then they typically publish a document on how to achieve what they ask.

This is from the Symantec Site about how to configure.

Whilst it is for R77.30, configuring VPNs really hasn't changed much, so this is still useful in terms of what to configure.

Please note that it says to create Permanent VPN Tunnels and to enable DPD (Dead Peer Detection), which is done via the GUIdbedit tool.

This doc refers to a Policy or Domain based VPN so this should answer your question.

0 Kudos