This website uses Cookies. Click Accept to agree to our website's cookie use as described in our Privacy Policy. Click Preferences to customize your cookie settings.
Accept
Reject
Preferences
ABOUT CHECKMATES CYBER SECURITY COMMUNITY & FAQ
Create a Post
Help
cancel
Turn on suggestions
Showing results for 
Search instead for 
Did you mean: 

Are you a member of CheckMates?

×
Sign in with your Check Point UserCenter/PartnerMap account to access more great content and get a chance to win some Apple AirPods! If you don't have an account, create one now for free!
Benedikt_Weissl
Advisor
‎2020-07-10 01:31 AM
Jump to solution

Network Location Awareness and MEP

Will the network location awareness setting "Interface-topology-based" work for any internal interface of any gateway in the remote access vpn community?

For example, lets say there are 2 GWs:
GW A is in the HQ in NY
GW B in a branch office somewhere else

GWs A and B are both in the remote access vpn community and the network location awareness setting "Interface-topology-based" is used. A user in the branch office has the endpoint security vpn client (with "auto-connect" enabled ) installed. Will his client establish a vpn tunnel to GW A through GW B?


0 Kudos
1 Solution

Accepted Solutions
HeikoAnkenbrand
Champion Champion
Champion
‎2020-07-10 02:13 AM
Jump to solution

Hi @Benedikt_Weissl,

Multiple Entry Point (MEP) is a feature that provides a High Availability and Load Sharing solution for VPN connections. A Security Gateway on which the VPN module is installed provides a single point of entry to the internal network. It is the Security Gateway that makes the internal network "available" to remote machines. If a Security Gateway should become unavailable, the internal network too, is no longer available. A MEP environment has two or more Security Gateways both protecting and enabling access to the same VPN domain, providing peer Security Gateways with uninterrupted access.

You can use the following MEP selection methods for explicite MEP:

- first to respond                     > The first Security Gateway to reply to the peer Security Gateway is chosen.
- VPN domain                          >  If the destination IP address belongs to a particular VPN domain,
                                                       the Security Gateway of that domain becomes the chosen entry point.
- random selection                 > The remote peer randomly selects a Security Gateway, with which to open a VPN connection.
- manually set priority list     > Priorities of Security Gateways can be set manually for the entire VPN community,
                                                      or for individual satellite Security Gateways.

➜ CCSM Elite, CCME, CCTE ➜ www.checkpoint.tips

View solution in original post

1 Reply
HeikoAnkenbrand
Champion Champion
Champion
‎2020-07-10 02:13 AM
Jump to solution

Hi @Benedikt_Weissl,

Multiple Entry Point (MEP) is a feature that provides a High Availability and Load Sharing solution for VPN connections. A Security Gateway on which the VPN module is installed provides a single point of entry to the internal network. It is the Security Gateway that makes the internal network "available" to remote machines. If a Security Gateway should become unavailable, the internal network too, is no longer available. A MEP environment has two or more Security Gateways both protecting and enabling access to the same VPN domain, providing peer Security Gateways with uninterrupted access.

You can use the following MEP selection methods for explicite MEP:

- first to respond                     > The first Security Gateway to reply to the peer Security Gateway is chosen.
- VPN domain                          >  If the destination IP address belongs to a particular VPN domain,
                                                       the Security Gateway of that domain becomes the chosen entry point.
- random selection                 > The remote peer randomly selects a Security Gateway, with which to open a VPN connection.
- manually set priority list     > Priorities of Security Gateways can be set manually for the entire VPN community,
                                                      or for individual satellite Security Gateways.

➜ CCSM Elite, CCME, CCTE ➜ www.checkpoint.tips

Leaderboard

Epsum factorial non deposit quid pro quo hic escorol.

View All ≫
Upcoming Events

    CheckMates Events
    Top