Benedikt_Weissl
Advisor

Network Location Awareness and MEP

Will the network location awareness setting "Interface-topology-based" work for any internal interface of any gateway in the remote access VPN community?

For example, let's say there are 2 GWs:
GW A is in the HQ in NY
GW B in a branch office somewhere else

GWs A and B are both in the remote access VPN community and the network location awareness setting "Interface-topology-based" is used. A user in the branch office has the Endpoint Security VPN client (with "auto-connect" enabled) installed. Will his client establish a VPN tunnel to GW A through GW B?


0 Kudos

Accepted Solutions
HeikoAnkenbrand
Champion

Hi @Benedikt_Weissl,

Multiple Entry Point (MEP) is a feature that provides a High Availability and Load Sharing solution for VPN connections. A Security Gateway on which the VPN module is installed provides a single point of entry to the internal network. It is the Security Gateway that makes the internal network "available" to remote machines. If a Security Gateway should become unavailable, the internal network, too, is no longer available. A MEP environment has two or more Security Gateways both protecting and enabling access to the same VPN domain, providing peer Security Gateways with uninterrupted access.

You can use the following MEP selection methods for explicit MEP:

- first to respond > The first Security Gateway to reply to the peer Security Gateway is chosen.
- VPN domain > If the destination IP address belongs to a particular VPN domain, the Security Gateway of that domain becomes the chosen entry point.
- random selection > The remote peer randomly selects a Security Gateway with which to open a VPN connection.
- manually set priority list > Priorities of Security Gateways can be set manually for the entire VPN community, or for individual satellite Security Gateways.

➜ CCSM Elite, CCME, CCTE ➜ www.checkpoint.tips
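
An added illustration, not part of the original reply and not Check Point code: a small Python model of how a remote peer would pick an entry point under each of the four selection methods listed above. The gateway names, networks, reply times and the rule that unavailable gateways are skipped are constructed assumptions.

```python
import ipaddress
import random
from dataclasses import dataclass


@dataclass
class Gateway:
    name: str
    vpn_domain: tuple   # CIDR strings (constructed sample networks)
    reply_ms: float     # simulated time for the gateway to answer a probe
    up: bool = True


def sample_gateways():
    # Constructed sample data, loosely following the question's GW A / GW B.
    return [
        Gateway("GW-A", ("10.1.0.0/16",), reply_ms=40.0),
        Gateway("GW-B", ("10.2.0.0/16",), reply_ms=12.0),
    ]


def select_entry_point(gateways, method, dest_ip=None, priority=(), rng=random):
    """Return the chosen gateway name, or None if no candidate is available."""
    # Assumption of this model: gateways that are down are never candidates.
    alive = [g for g in gateways if g.up]
    if not alive:
        return None
    if method == "first_to_respond":
        # The gateway whose reply arrives first wins.
        return min(alive, key=lambda g: g.reply_ms).name
    if method == "vpn_domain":
        # The gateway whose VPN domain contains the destination address wins.
        dest = ipaddress.ip_address(dest_ip)
        for g in alive:
            if any(dest in ipaddress.ip_network(net) for net in g.vpn_domain):
                return g.name
        return None
    if method == "random":
        return rng.choice(alive).name
    if method == "priority":
        # Walk the manually set list and take the first available gateway.
        alive_names = {g.name for g in alive}
        return next((n for n in priority if n in alive_names), None)
    raise ValueError(f"unknown MEP selection method: {method}")
```
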
