This website uses Cookies. Click Accept to agree to our website's cookie use as described in our Privacy Policy. Click Preferences to customize your cookie settings.
Accept
Reject
Preferences
ABOUT CHECKMATES CYBER SECURITY COMMUNITY & FAQ
Create a Post
Help
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

Are you a member of CheckMates?

×
Sign in with your Check Point UserCenter/PartnerMap account to access more great content and get a chance to win some Apple AirPods! If you don't have an account, create one now for free!
Vignesh_RS
Explorer
‎2020-04-14 04:55 AM

RA VPN failover with two ISP

 

We are having two SG in cluster mode (Active/Standby), currently with one ISP. We have planned to have secondary ISP with Active/Active mode & load sharing.

For RA VPN, endpoints are configured with ISP1 cluster IP 1.2.3.4.

Now, after ISP redundancy and load sharing with ISP2. For RA VPN, if we configure one more site with ISP2 cluster IP 5.6.7.8 at endpoint will it works during primary fails. (User has to disconnect site1 and manually connect to site2).

Is there any other configurations needs to be done at firewall level for VPN routing?

5800, GAIA R80.10.

0 Kudos
5 Replies
_Val_
Admin
Admin
‎2020-04-16 05:41 AM

Are you talking about ISP redundancy in the Load Sharing mode with two ISPs?

If yes, read the manual for it: https://sc1.checkpoint.com/documents/R80.10/WebAdminGuides/EN/CP_R80.10_ClusterXL_AdminGuide/html_fr...

0 Kudos
Vignesh_RS
Explorer
‎2020-04-20 10:48 AM
In response to _Val_

Thanks for the information provided, we have already configured ISP redundancy with load sharing.

After that, in remote access VPN only ISP 1 work, if we try to connect to ISP 2 from remote access VPN it doesn't connect.

If ISP 1 goes down, remote access VPN should work through ISP 2. How to configure the same?

Thanks in advance.

0 Kudos
Prabulingam_N1
Advisor
‎2020-05-26 07:51 AM
In response to Vignesh_RS

Hi Vignesh,

 

For now, there is no ISP Redundancy on Remote Access refer - sk113617

 

But there were some workaround provided to configure 2nd Default route used for working in CheckMates.

"https://community.checkpoint.com/t5/Remote-Access-Solutions/How-to-configure-VPN-Remote-Access-on-no..."

 

 

Regards, Prabu

0 Kudos
Sony_James
Participant
Participant
‎2021-02-21 10:18 PM
In response to Prabulingam_N1

Any Solution on this in new R81 or EA R81.10 version?

0 Kudos
Prabulingam_N1
Advisor
‎2021-02-21 11:28 PM
In response to Sony_James

Not yet SonyJames in R81.x for now....

0 Kudos

Leaderboard

Epsum factorial non deposit quid pro quo hic escorol.

View All ≫
Upcoming Events

    CheckMates Events