This website uses Cookies. Click Accept to agree to our website's cookie use as described in our Privacy Policy. Click Preferences to customize your cookie settings.
Accept
Reject
Preferences
ABOUT CHECKMATES CYBER SECURITY COMMUNITY & FAQ
Create a Post
Help
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

Are you a member of CheckMates?

×
Sign in with your Check Point UserCenter/PartnerMap account to access more great content and get a chance to win some Apple AirPods! If you don't have an account, create one now for free!
kristait
Contributor
‎2024-06-25 11:59 PM
Jump to solution

Configuring Remote Access VPN Redundancy with Multiple ISPs

Hello Check Point Community,

We currently have multiple Internet Service Providers (ISPs) and have configured our remote access VPN using the primary link. However, we have noticed that if the primary link goes down, the VPN connection also drops, causing significant disruptions. We are looking for a solution to ensure VPN redundancy.

Has anyone successfully configured a redundant remote access VPN setup with multiple ISPs? If so, could you please share your configuration steps or any best practices to achieve this? Any guidance on failover configurations or relevant documentation would be greatly appreciated.

Device Details: - checkpoint quantum 1800 local managed firewall.

VPN Redundancy with Multiple ISPs.JPG

 
 

 

0 Kudos
1 Solution

Accepted Solutions
PhoneBoy
Admin
Admin
‎2024-10-07 03:54 PM
In response to Maksimus
Jump to solution

The original poster is talking about Quantum Spark appliances, which have different UI/capabilities in this area.
You can still use DDNS, of course, but it would require setting that up on your own as regular Quantum gateways don't do this.

However, if both ISPs have a fixed IP, the approach in sk174207 would likely work.
You would have to review the situation with TAC.

View solution in original post

9 Replies
PhoneBoy
Admin
Admin
‎2024-06-26 03:18 PM
Jump to solution

This might be an RFE.
You can try this, though: https://support.checkpoint.com/results/sk/sk174207

0 Kudos
kristait
Contributor
‎2024-06-26 09:28 PM
In response to PhoneBoy
Jump to solution

looks like the feature is not included in the product..

0 Kudos
PhoneBoy
Admin
Admin
‎2024-06-27 08:19 AM
In response to kristait
Jump to solution

If your gateway has DDNS configured, you might be able to do this: https://support.checkpoint.com/results/sk/sk103440 
Otherwise, you're probably in RFE territory.

0 Kudos
Maksimus
Explorer
‎2024-10-07 12:52 AM
In response to PhoneBoy
Jump to solution

Hello PhoneBoy

sk174207 is unavailable.(error 404). 

kristait,

Did you find solution for RA Redundancy with Multiple ISPs?

 

0 Kudos
kristait
Contributor
‎2024-10-07 01:07 AM
In response to Maksimus
Jump to solution

Hello @Maksimus, we switch to another Cloud hosted VPN, but the SK is related to configure the DDNS in your firewall with DDNS provider like No-IP.

PhoneBoy
Admin
Admin
‎2024-10-07 06:54 AM
In response to Maksimus
Jump to solution

The SK has been recently moved to internal only.
In the case of DAIP for the WAN connections, it's probably not the most appropriate solution, either.
Using the DDNS configuration here is probably your best bet: https://support.checkpoint.com/results/sk/sk103440 

0 Kudos
Maksimus
Explorer
‎2024-10-07 01:29 PM
In response to PhoneBoy
Jump to solution

Many thanks, PhoneBy

In my case i have Static IP and Quantum Force 9100. 

As far as I understand you propose to use DDNS. But it looks like applicable for GAIA embedded only. 

What about GAIA R81.20. I did not find any DDNS configuration for it

0 Kudos
PhoneBoy
Admin
Admin
‎2024-10-07 03:54 PM
In response to Maksimus
Jump to solution

The original poster is talking about Quantum Spark appliances, which have different UI/capabilities in this area.
You can still use DDNS, of course, but it would require setting that up on your own as regular Quantum gateways don't do this.

However, if both ISPs have a fixed IP, the approach in sk174207 would likely work.
You would have to review the situation with TAC.

Maksimus
Explorer
‎2024-10-07 04:02 PM
In response to PhoneBoy
Jump to solution

Thanks a lot, @PhoneBoy 

I will contact with TAC 

0 Kudos

Leaderboard

Epsum factorial non deposit quid pro quo hic escorol.

View All ≫
Upcoming Events

    Sort by:
    CheckMates Events