- Products
- Learn
- Local User Groups
- Partners
- More
What's New in R82.10?
Watch HereWhen the Agents Attack
A Live Look at Agentic Exposure Validation
AI Security Masters E8:
Claude Mythos: New Era in Cyber Security
CheckMates Go:
CheckMates Fest
Hi everyone,
I currently have a case that I’m not sure how to handle yet, and I’d like to ask if anyone who has configured a similar setup could share your experience.
Here’s the situation:
I have two separate Security Gateways (SGs) managed under the same SmartConsole. Both devices have Remote Access VPN configured. Each gateway is assigned an external DNS for access as follows:
GW1: vpn03.cybertest.com.vn
GW2: vpn04.cybertest.com.vn
The issue I’m facing is that when a user connects successfully to vpn03.cybertest.com.vn, performing a tracert shows that the connection is actually coming from the public IP of GW2. I’m not sure if this behavior is related to some kind of load balancing.
Currently, we have not enabled the load balancing feature in Global Properties. I’m considering whether I should apply the define MEP topology configuration and switch it to client_decide, since I want each user to connect to the specific VPN configured on the gateway we designate.
Additionally, if the VPN domain is shared between both gateways, could that cause this behavior? Or should we create a separate VPN domain for each gateway?
Looking forward to everyone’s thoughts and suggestions.
I would say way to go here is to define different remote access vpn domain for each firewall.
I would say way to go here is to define different remote access vpn domain for each firewall.
Can that be done? Last time I looked at defining multiple RA communities it failed to install the policy.
EDIT: Or did you just mean VPN domains per gateway, all within the same RA community?
Hey Duane,
Maybe I misspoke or did not explain it right. I meant DIFFERENT ra vpn domains for separate firewalls. Defining multiple remote access communities never worked, would give en error if you try to save it.
AH, ok. Yes, that might be what the OP needs to do.
Thats my thought as well.
Actually, I was able to do it in an early R80.x version...and yeah, it's was a UI bug, since this configuration is NOT supported.
Funny you mentioned that, I totally remember lol, it worked for 1 day I believe.
Leaderboard
Epsum factorial non deposit quid pro quo hic escorol.
| User | Count |
|---|---|
| 3 | |
| 2 | |
| 1 | |
| 1 | |
| 1 | |
| 1 | |
| 1 | |
| 1 |
Tue 07 Jul 2026 @ 05:00 AM (IDT)
Check Point Cloud Firewall – The Cloud Firewall with near 100% Zero-Day Prevention Build In (SEAK)Thu 09 Jul 2026 @ 10:00 AM (CEST)
Schutz souveräner Workloads: Check Point & die AWS European Sovereign CloudThu 09 Jul 2026 @ 11:00 AM (CEST)
The Cloud Architects Series: Check Point Edge Protection SD-WAN & SASEThu 09 Jul 2026 @ 11:00 AM (EDT)
Tips and Tricks 2026 #9 - What's New with Check Point Email SecurityFri 10 Jul 2026 @ 11:00 AM (IDT)
CheckMates Live Netherlands - Sessie 48: Nieuwe Check Point Workspace SecurityTue 14 Jul 2026 @ 10:00 AM (PDT)
AI Security Masters E11: READY OR NOT: Securing the AI Enterprise 3/5 - AI Workforce SecurityTue 07 Jul 2026 @ 05:00 AM (IDT)
Check Point Cloud Firewall – The Cloud Firewall with near 100% Zero-Day Prevention Build In (SEAK)Thu 09 Jul 2026 @ 11:00 AM (EDT)
Tips and Tricks 2026 #9 - What's New with Check Point Email SecurityFri 10 Jul 2026 @ 11:00 AM (IDT)
CheckMates Live Netherlands - Sessie 48: Nieuwe Check Point Workspace SecurityTue 14 Jul 2026 @ 10:00 AM (PDT)
AI Security Masters E11: READY OR NOT: Securing the AI Enterprise 3/5 - AI Workforce SecurityThu 30 Jul 2026 @ 10:00 AM (PDT)
AI Security Masters E12: READY OR NOT: Securing the AI Enterprise 4/5 - AI GatewayThu 20 Aug 2026 @ 10:00 AM (PDT)
AI Security Masters E13: READY OR NOT: Securing the AI Ent 5/5 - AI Research & Threat LandscapeAbout CheckMates
Learn Check Point
Advanced Learning
YOU DESERVE THE BEST SECURITY