Create a Post
cancel
Showing results for 
Search instead for 
Did you mean: 
Rannekww
Participant

VPN connection via two providers

Checkpoint 4400.

There used to be one provider. Now the second one has been connected.
The question arose: is it possible to connect via VPN through two providers at the same time? Do I need to add anything else? Or do I need to reissue the certificate for the gateway by adding the IP of the second provider to it?

I want to connect from a desktop computer via Checkpoint EndPoint Security via two IP addresses. The first IP is provider A and the second IP is provider B. By IP provider A, the connection is successful. A by IP provider B: Failed to create the new site. Site is not responding.

0 Kudos
7 Replies
G_W_Albrecht
Legend Legend
Legend

0 Kudos
RS_Daniel
Advisor

Hello,

You can check sk174207, it says "E75.X / E8X.X clients only support static link selection (sk56580 Link Selection)." and gives you a workaround if you are working with ISP redundancy.

I have it working on some customers with DNS, each public IP has its own FQDN, then applied sk103440 to force DNS resolution on every connection.

Regards

0 Kudos
Rannekww
Participant

Thanks. I'll take a look.

0 Kudos
the_rock
Legend
Legend

Here are 2 articles we did for customer last year to make this work, though they had DNS resolve to 2 external IP addresses. So say 2 external IP addresses 1.2.3.4 and 5.6.7.8 resolve to vpn.xyz.com

https://supportcenter.checkpoint.com/supportcenter/portal?eventSubmit_doGoviewsolutiondetails=&solut...

https://supportcenter.checkpoint.com/supportcenter/portal?eventSubmit_doGoviewsolutiondetails=&solut...

Actually, scrap the 2nd link I sent, I checked and we only did 1st one and all worked. Also, below points out that automatic failover does not work (not supported) with remote access.

https://supportcenter.checkpoint.com/supportcenter/portal?eventSubmit_doGoviewsolutiondetails=&solut...

 

0 Kudos
Rannekww
Participant

Thanks. We will have to manually reconfigure remote access if necessary.

the_rock
Legend
Legend

Ping me privately if you need help, Im sure we can figure it out via remote session.

Cheers.

0 Kudos
Rannekww
Participant

Last question: There is an ISP Links in order of priority field in ISP Redundancy. There are two ISPs there now. As the Next Hop IP Address, I specify the gateway of another provider. Is it also correct? Since I noticed that, depending on what I write there, the gateway from this location (Next Hop IP Address) is registered in the Checkpoint web interface in IPv4 Static Routes.
Or is the gateway specified here not of another provider?

The question is removed

0 Kudos

Leaderboard

Epsum factorial non deposit quid pro quo hic escorol.

Upcoming Events

    CheckMates Events