Create a Post
cancel
Showing results for 
Search instead for 
Did you mean: 
Highlighted

Changing WAN IP addressed due to swtching to a new ISP on 1120 cluster running R77.20

Hello All

 

I was under the assumption that when you change the WAN IP address due to ISP change, that will break the VPN due to peer ip change.

The history of all of this is that my client has an HA pair of 1120 appliance cluster in Nigeria on R77.20 and are in the process of changing their ISP. Now there is a VPN link between Nigeria which is the satelite, and London cluster which is an HA 5000 cluster on R77.30 the hub, all managed by an R80.10 virtual management server.

I have managed to split the Nigerian cluster, and placed one of the cluster members on the new ISP WAN IP. Now I want to move the other cluster member which hosts the VPN link between Nigeria and London, to the new ISP WAN IP. My query is how do I reinstall the VPN link, should it break due to the WAN IP change?

I contacted Checkpoint TAC and they refered me to their local office and they categorically stated that I would need SmartLSM to reinitialise the SIC between the Nigerian cluster running R77.20 and the centrally management server running R80.10.

Any information moving this case forward would be appreciated.

Kind regards.

 

Gladstone Abati-George.

0 Kudos
1 Reply
Highlighted

Hi,

If SIC was generated between the public IP of the appliances and the management server then the break of it is inevitable as far as my understading goes. Don't know how critical is to keep your VPN without packet loss, if it's not an issue then the whole process of breaking the VPN and generating a new one will not take much and it's not risky. While doing the process just make sure that you set up your SMB appliances to be managed from the WAN link so you don't lose management (Remember to use a strong password), then you can remove this access.

If there are not many rules you may want to concider having these appliances locally managed and only generate SIC for them to export logs to your SMS.

Regards,

Federico Meiners

____________
https://www.linkedin.com/in/federicomeiners/
0 Kudos