Create a Post
cancel
Showing results for 
Search instead for 
Did you mean: 
Highlighted
Explorer

RA VPN failover with two ISP

 

We are having two SG in cluster mode (Active/Standby), currently with one ISP. We have planned to have secondary ISP with Active/Active mode & load sharing.

For RA VPN, endpoints are configured with ISP1 cluster IP 1.2.3.4.

Now, after ISP redundancy and load sharing with ISP2. For RA VPN, if we configure one more site with ISP2 cluster IP 5.6.7.8 at endpoint will it works during primary fails. (User has to disconnect site1 and manually connect to site2).

Is there any other configurations needs to be done at firewall level for VPN routing?

5800, GAIA R80.10.

0 Kudos
3 Replies
Highlighted
Admin
Admin

Are you talking about ISP redundancy in the Load Sharing mode with two ISPs?

If yes, read the manual for it: https://sc1.checkpoint.com/documents/R80.10/WebAdminGuides/EN/CP_R80.10_ClusterXL_AdminGuide/html_fr...

0 Kudos
Highlighted
Explorer

Thanks for the information provided, we have already configured ISP redundancy with load sharing.

After that, in remote access VPN only ISP 1 work, if we try to connect to ISP 2 from remote access VPN it doesn't connect.

If ISP 1 goes down, remote access VPN should work through ISP 2. How to configure the same?

Thanks in advance.

0 Kudos
Highlighted

Hi Vignesh,

 

For now, there is no ISP Redundancy on Remote Access refer - sk113617

 

But there were some workaround provided to configure 2nd Default route used for working in CheckMates.

"https://community.checkpoint.com/t5/Remote-Access-Solutions/How-to-configure-VPN-Remote-Access-on-no..."

 

 

Regards, Prabu

0 Kudos