This website uses Cookies. Click Accept to agree to our website's cookie use as described in our Privacy Policy. Click Preferences to customize your cookie settings.
Accept
Reject
Preferences
ABOUT CHECKMATES CYBER SECURITY COMMUNITY & FAQ
Create a Post
Help
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

Are you a member of CheckMates?

×
Sign in with your Check Point UserCenter/PartnerMap account to access more great content and get a chance to win some Apple AirPods! If you don't have an account, create one now for free!
Travis_G
Explorer
‎2020-05-03 02:44 AM
Jump to solution

Site to Host IPSEC VPN ISP redundancy with Gateway behind static NAT

Hi,

 

I am trying to add a new ISP to my current setup so as to achieve redundancy for my remote user in case 1 of the ISP when down. The setup is as such. Firmware used is R80.10

 

       ISP1                          ISP2(New)

          |                                   |

        Switch------------- Switch

                | /                      \  |

     Load balancer -------Load balancer    (Static Nat)

                |                                |

           Switch------------Switch   

                |                                |

            CP1-----------------CP2                (Active-Passive ClusteXL)

 

However it appears that only 1 ISP can be active at a time. Static NAT field in link selection only allow 1 IP to be inserted.

When i change it to ISP2 ip the ISP2 tunnel is active and the ISP1 is down. Btw this is for remote access (IPSEC site to host).

When i try to select probing under link selection and insert the IP for 2 ISP, it does not work either.

 

Is there anyway i could make this work?

 

 

 

0 Kudos
1 Solution

Accepted Solutions
Wolfgang
Authority
Authority
‎2020-06-05 11:54 AM
In response to huytq1786
Jump to solution

@huytq1786 

yes, you can have ISP redundancy. You have to enable this if you have defined two external interfaces on the gateway.

But I think behind two different NAT devices ( as mentioned by @Travis_G ) this is not possible. 

Wolfgang

View solution in original post

3 Replies
PhoneBoy
Admin
Admin
‎2020-05-03 09:57 PM
Jump to solution

Have you configured ISP Redundancy at all?
Not exactly sure how it'd work in this case where some other device is doing the NAT.
0 Kudos
huytq1786
Participant
‎2020-06-05 11:44 AM
In response to PhoneBoy
Jump to solution

I have the same question. Can we have a ISP redundancy solution on the checkpoint ?

0 Kudos
Wolfgang
Authority
Authority
‎2020-06-05 11:54 AM
In response to huytq1786
Jump to solution

@huytq1786 

yes, you can have ISP redundancy. You have to enable this if you have defined two external interfaces on the gateway.

But I think behind two different NAT devices ( as mentioned by @Travis_G ) this is not possible. 

Wolfgang

Leaderboard

Epsum factorial non deposit quid pro quo hic escorol.

View All ≫
Upcoming Events

    Sort by:
    CheckMates Events