Hello.

Thanks for your feedback.

Parameter "transport_connect_timeout"  and ccc_timeout does not help. Reconnection more than 2 minutes. Target switching time is 5 seconds.

Configuration description:

1. Checkpoint FW 6400, two Internet providers. Remote Access ISP Redundancy - Primary (ISP-1) / Backup (IPS-2)

2. VPN client uses the mep mode "first to respond" for two FW providers (ISP above)

:mep_mode (

             :gateway (

                 :map (

                     :dns_based (dns_based)

                     :first_to_respond (first_to_respo

nd)

                     :primary_backup (primary_backup)

                     :load_sharing (load_sharing)

                     :client_decide (client_decide)

                 )

                 :default (first_to_respond)

:ips_of_gws_in_mep (

             :gateway (

                 :default (ISP-1&#ISP-2&#)

             )

         )

3. transport_connect_timeout - 2000

4.  ccc_timeout -6000   

 Situation description:

1. Disconnect the main ISP provider

2. Client detects loss of connection

3. Starts reconnection

4. Hangs on reconnection for about a minute and a half

5. Reconnects to the second available IP

6. CPn Client logs 

[21 Jan 1:42:56] Client state is connecting
[21 Jan 1:42:56] Connection was successfully established (1)
[21 Jan 1:53:21] No reply from the gw ip=172.20.0.1 for tunnel test packet. Office Mode IP=172.16.12.2, source port=18002.
[21 Jan 1:53:23] No reply from the gw ip=172.20.0.1 for tunnel test packet. Office Mode IP=172.16.12.2, source port=18003.
[21 Jan 1:53:26] No reply from the gw ip=172.20.0.1 for tunnel test packet. Office Mode IP=172.16.12.2, source port=18004.
[21 Jan 1:53:28] No reply from the gw ip=172.20.0.1 for tunnel test packet. Office Mode IP=172.16.12.2, source port=18005.
[21 Jan 1:53:31] No reply from the gw ip=172.20.0.1 for tunnel test packet. Office Mode IP=172.16.12.2, source port=18006.
[21 Jan 1:53:33] No reply from the gw ip=172.20.0.1 for tunnel test packet. Office Mode IP=172.16.12.2, source port=18007.
[21 Jan 1:53:36] No reply from the gw ip=172.20.0.1 for tunnel test packet. Office Mode IP=172.16.12.2, source port=18008.
[21 Jan 1:53:38] No reply from the gw ip=172.20.0.1 for tunnel test packet. Office Mode IP=172.16.12.2, source port=18009.
[21 Jan 1:53:39] IKE tunnel disconnected, error code=-1000. Reason: Site is not responding.
[21 Jan 1:53:39] Client state is connected
[21 Jan 1:53:39] Tunnel (1) disconnected. State is connected. Trying to reconnect.
[21 Jan 1:53:42] IKE connection failed, error code=-1000. Reason: Site is not responding.
[21 Jan 1:53:42] Client state is reconnecting
[21 Jan 1:53:42] Reconnect failed. trying again (1)
[21 Jan 1:53:46] IKE connection failed, error code=-1000. Reason: Site is not responding.
[21 Jan 1:53:46] Client state is reconnecting
[21 Jan 1:53:46] Reconnect failed. trying again (1)
[21 Jan 1:53:50] IKE connection failed, error code=-1000. Reason: Site is not responding.
[21 Jan 1:53:50] Client state is reconnecting
[21 Jan 1:53:50] Reconnect failed. trying again (1)
[21 Jan 1:53:54] IKE connection failed, error code=-1000. Reason: Site is not responding.
[21 Jan 1:53:54] Client state is reconnecting
[21 Jan 1:53:54] Reconnect failed. trying again (1)
[21 Jan 1:53:58] IKE connection failed, error code=-1000. Reason: Site is not responding.
[21 Jan 1:53:58] Client state is reconnecting
[21 Jan 1:53:58] Reconnect failed. trying again (1)
[21 Jan 1:54:02] IKE connection failed, error code=-1000. Reason: Site is not responding.
[21 Jan 1:54:02] Client state is reconnecting
[21 Jan 1:54:02] Reconnect failed. trying again (1)
[21 Jan 1:54:06] IKE connection failed, error code=-1000. Reason: Site is not responding.
[21 Jan 1:54:06] Client state is reconnecting
[21 Jan 1:54:06] Reconnect failed. trying again (1)
[21 Jan 1:54:09] IKE connection failed, error code=-1000. Reason: Site is not responding.
[21 Jan 1:54:09] Client state is reconnecting
[21 Jan 1:54:09] Reconnect failed. trying again (1)
[21 Jan 1:54:13] IKE connection failed, error code=-1000. Reason: Site is not responding.
[21 Jan 1:54:13] Client state is reconnecting
[21 Jan 1:54:13] Reconnect failed. trying again (1)
[21 Jan 1:54:17] IKE connection failed, error code=-1000. Reason: Site is not responding.
[21 Jan 1:54:17] Client state is reconnecting
[21 Jan 1:54:17] Reconnect failed. trying again (1)
[21 Jan 1:54:22] IKE connection failed, error code=-1000. Reason: Site is not responding.
[21 Jan 1:54:22] Client state is reconnecting
[21 Jan 1:54:22] Reconnect failed. trying again (1)
[21 Jan 1:54:25] IKE connection failed, error code=-1000. Reason: Site is not responding.
[21 Jan 1:54:25] Client state is reconnecting
[21 Jan 1:54:25] Reconnect failed. trying again (1)
[21 Jan 1:54:29] IKE connection failed, error code=-1000. Reason: Site is not responding.
[21 Jan 1:54:29] Client state is reconnecting
[21 Jan 1:54:29] Reconnect failed. trying again (1)
[21 Jan 1:54:33] IKE connection failed, error code=-1000. Reason: Site is not responding.
[21 Jan 1:54:33] Client state is reconnecting
[21 Jan 1:54:33] Reconnect failed. trying again (1)
[21 Jan 1:54:37] IKE connection failed, error code=-1000. Reason: Site is not responding.
[21 Jan 1:54:37] Client state is reconnecting
[21 Jan 1:54:37] Reconnect failed. trying again (1)
[21 Jan 1:54:41] IKE connection failed, error code=-1000. Reason: Site is not responding.
[21 Jan 1:54:41] Client state is reconnecting
[21 Jan 1:54:41] Reconnect failed. trying again (1)
[21 Jan 1:54:45] IKE connection failed, error code=-1000. Reason: Site is not responding.
[21 Jan 1:54:45] Client state is reconnecting
[21 Jan 1:54:45] Reconnect failed. trying again (1)
[21 Jan 1:54:49] IKE connection failed, error code=-1000. Reason: Site is not responding.
[21 Jan 1:54:49] Client state is reconnecting
[21 Jan 1:54:49] Reconnect failed. trying again (1)
[21 Jan 1:54:53] IKE connection failed, error code=-1000. Reason: Site is not responding.
[21 Jan 1:54:53] Client state is reconnecting
[21 Jan 1:54:53] Reconnect failed. trying again (1)
[21 Jan 1:54:57] IKE connection failed, error code=-1000. Reason: Site is not responding.
[21 Jan 1:54:57] Client state is reconnecting
[21 Jan 1:54:57] Reconnect failed. trying again (1)
[21 Jan 1:55:01] IKE connection failed, error code=-1000. Reason: Site is not responding.
[21 Jan 1:55:01] Client state is reconnecting
[21 Jan 1:55:01] Reconnect failed. trying again (1)
[21 Jan 1:55:05] IKE connection failed, error code=-1000. Reason: Site is not responding.
[21 Jan 1:55:05] Client state is reconnecting
[21 Jan 1:55:05] Reconnect failed. trying again (1)
[21 Jan 1:55:09] IKE connection failed, error code=-1000. Reason: Site is not responding.
[21 Jan 1:55:09] Client state is reconnecting
[21 Jan 1:55:09] Reconnect failed. trying again (1)
[21 Jan 1:55:14] IKE connection failed, error code=-1000. Reason: Site is not responding.
[21 Jan 1:55:14] Client state is reconnecting
[21 Jan 1:55:14] Reconnect failed. trying again (1)
[21 Jan 1:55:18] IKE connection failed, error code=-1000. Reason: Site is not responding.
[21 Jan 1:55:18] Client state is reconnecting
[21 Jan 1:55:18] Reconnect failed. trying again (1)
[21 Jan 1:55:21] IKE connection failed, error code=-1000. Reason: Site is not responding.
[21 Jan 1:55:21] Client state is reconnecting
[21 Jan 1:55:21] Reconnect failed. trying again (1)
[21 Jan 1:55:26] IKE connection failed, error code=-1000. Reason: Site is not responding.
[21 Jan 1:55:26] Client state is reconnecting
[21 Jan 1:55:26] Reconnect failed. trying again (1)
[21 Jan 1:55:30] IKE connection failed, error code=-1000. Reason: Site is not responding.
[21 Jan 1:55:30] Client state is reconnecting
[21 Jan 1:55:30] Reconnect failed. trying again (1)
[21 Jan 1:55:34] IKE connection failed, error code=-1000. Reason: Site is not responding.
[21 Jan 1:55:34] Client state is reconnecting
[21 Jan 1:55:34] Reconnect failed. trying again (1)
[21 Jan 1:55:38] IKE connection failed, error code=-1000. Reason: Site is not responding.
[21 Jan 1:55:38] Client state is reconnecting
[21 Jan 1:55:38] Reconnect failed. trying again (1)
[21 Jan 1:55:39] Client state is reconnecting
[21 Jan 1:55:39] State reconnecting. Roaming timeout is reached, cancelling connection (1)
[21 Jan 1:55:40] Client state is idle
[21 Jan 1:55:40] Starting connect...
[21 Jan 1:55:40] Creating primary conn flow to CO-CPGW-VPN (1)
[21 Jan 1:55:50] MEP resolving: Setting gw_ipaddr and vpnd_addr to ISP-2
[21 Jan 1:55:50] Sent ClientHello
[21 Jan 1:55:50] upgarde is not configured on the site
[21 Jan 1:55:50] Starting new connection (1)
[21 Jan 1:55:52] Topology download in progress
[21 Jan 1:55:52] upgarde is not configured on the site
[21 Jan 1:55:52] no need executing firewall step
[21 Jan 1:55:52] Office mode IP was set successfully
[21 Jan 1:55:55] OM started successfully with IP = 172.16.12.4.
[21 Jan 1:55:55] Client state is connecting
[21 Jan 1:55:55] Connection was successfully established (1)

The logs indicate the client is trying the first ISP IP, is timing out, then trying the second, which is what I expected based on your description.
You have a couple of potentially conflicting settings here: "first to respond" and "primary backup."
Having said that, "first to respond" may only apply when there are multiple gateways, whereas this is on the same one.

Not sure if there's an adjustable timer for this specific situation.
I suggest consulting TAC but suspect what you're looking more might involve an RFE.

Okay, thanks.
With what topology (configuration) can I achieve the minimum time for switching a VPN client between providers? 2 minutes is a long time, it is unlikely that such a large vendor as Check Point considers this the norm.

If you have an understanding, please point me in the right direction

Most likely, you'd need Harmony SASE to achieve this, at least based on what I know of our current products/solutions.
Best to discuss your specific requirements with your local Check Point office.