Hello,
I was looking into using MEP for remote access, however I am struggling to have it running properly. Maybe you will have some ideas and will share your experience.
Two gateways (R80.40 latest) covering the same encryption domain. Manual MEP mode, with load-sharing. Endpoint VPN client 82.50 for Mac, 83.20 for Windows.
It all works fine until I want to simulate a failure of one gateway. When connected to gateway abc, I disable it, and the VPN client is stuck in the reconnecting state and nothing happens. From tcpdump I see it sends udp/4500 and tcp/443 to gateway abc, but never tries the other one. I stop the reconnection and try establishing a new connection, and with some delay the connection succeeds. Tried sk115996 - no help.
Uploading trac file from the gateway just in case.
If you notice in sk115996, it says the default failover timer is 2 minutes.
Even with the configuration specified in sk115996, the minimum failover time you can configure is 1 minute.
Yes, I am aware of that. I waited at least 10 minutes and nothing happened, hence the post. I was checking with tcpdump on the client and during reconnect not a single connection was sent to the other node. Something is wrong with the config and I can't figure it out. Anyway, TAC case registered too.