- Products
- Learn
- Local User Groups
- Partners
- More
What's New in R82.10?
Watch HereWhen the Agents Attack
A Live Look at Agentic Exposure Validation
AI Security Masters E8:
Claude Mythos: New Era in Cyber Security
CheckMates Go:
CheckMates Fest
Hi All,
We are having two datacenters, with a Checkpoint VPN cluster(Active/Standby) at each house. Users have two IP's configured in their client and it is their choice which DC they want to connect to. However we are facing a load issue some times as most of the users will connect to the single DC.
We have tried to create a single GSLB DNS and pointed that to the IP's of both the houses, however the VPN client caches the IP when it tries to connect for the first time and always connects to the same DC/IP.
Question: How to make this solution work and have clients not cache the IP and perform a DNS resolution every time they connect.
With reference to sk75221 are you using MEP currently and which mode?
It is the default, please see below:
:mep_mode (
:gateway (
:map (
:dns_based (dns_based)
:first_to_respond (first_to_respond)
:primary_backup (primary_backup)
:load_sharing (load_sharing)
:client_decide (client_decide)
)
:default (dns_based)
Also which client version is used?
Circa E81.10 we improved the first_to_respond logic to improve distribution.
Version VPN E84.60 Build 986102607
Hello,
You have to follow sk103440 to perform DNS resolution every time they connect.
Regards
Thank you much will keep you posted.
One last question - How to add a new site on remote user laptops as it is very difficult to ask them add it manually also most of them do not have admin right's to the system
Login Options are configured per gateway.
Edit gateway properties - expand VPN Clients on the left, select Authentication on the left
You have two choices: Allow all clients connect to the one default option, or use multiple login options with customized settings (local firewall users, AD login, MFA, combinations...). These must be identical on all gateways to prevent that error. Multiple Login Options method is much nicer, and more preferred, but the user will have to select the correct one at the time of site creation (unless you are able to push out a new trac.config to your clients). You can have different groups of users using different Login Option methods, if you wish.
Leaderboard
Epsum factorial non deposit quid pro quo hic escorol.
| User | Count |
|---|---|
| 3 | |
| 2 | |
| 1 | |
| 1 | |
| 1 | |
| 1 | |
| 1 | |
| 1 | |
| 1 |
Thu 09 Jul 2026 @ 10:00 AM (CEST)
Schutz souveräner Workloads: Check Point & die AWS European Sovereign CloudThu 09 Jul 2026 @ 11:00 AM (CEST)
The Cloud Architects Series: Check Point Edge Protection SD-WAN & SASEThu 09 Jul 2026 @ 11:00 AM (EDT)
Tips and Tricks 2026 #9 - What's New with Check Point Email SecurityFri 10 Jul 2026 @ 11:00 AM (IDT)
CheckMates Live Netherlands - Sessie 48: Nieuwe Check Point Workspace SecurityTue 14 Jul 2026 @ 10:00 AM (PDT)
AI Security Masters E11: READY OR NOT: Securing the AI Enterprise 3/5 - AI Workforce SecurityThu 30 Jul 2026 @ 10:00 AM (PDT)
AI Security Masters E12: READY OR NOT: Securing the AI Enterprise 4/5 - AI GatewayThu 09 Jul 2026 @ 11:00 AM (EDT)
Tips and Tricks 2026 #9 - What's New with Check Point Email SecurityFri 10 Jul 2026 @ 11:00 AM (IDT)
CheckMates Live Netherlands - Sessie 48: Nieuwe Check Point Workspace SecurityTue 14 Jul 2026 @ 10:00 AM (PDT)
AI Security Masters E11: READY OR NOT: Securing the AI Enterprise 3/5 - AI Workforce SecurityThu 30 Jul 2026 @ 10:00 AM (PDT)
AI Security Masters E12: READY OR NOT: Securing the AI Enterprise 4/5 - AI GatewayThu 20 Aug 2026 @ 10:00 AM (PDT)
AI Security Masters E13: READY OR NOT: Securing the AI Ent 5/5 - AI Research & Threat LandscapeAbout CheckMates
Learn Check Point
Advanced Learning
YOU DESERVE THE BEST SECURITY