This website uses Cookies. Click Accept to agree to our website's cookie use as described in our Privacy Policy. Click Preferences to customize your cookie settings.
Accept
Reject
Preferences
ABOUT CHECKMATES CYBER SECURITY COMMUNITY & FAQ
Create a Post
Help
cancel
Turn on suggestions
Showing results for 
Search instead for 
Did you mean: 

Are you a member of CheckMates?

×
Sign in with your Check Point UserCenter/PartnerMap account to access more great content and get a chance to win some Apple AirPods! If you don't have an account, create one now for free!
Wyman
Contributor
‎2020-09-29 02:43 AM

AWS VPN Redundancy

Hi. I've been asked a question about setting up a VPN between our office and AWS but was hoping for some clarification as this is new to me. On-prem we use a FW cluster with a primary/backup external IP and because of this it's been suggested that we setup two tunnels between office and AWS, one using the backup IP and the other using the primary IP. If one fails then it would auto failover to the other.

I've had a read of sk100726 - do we have to use VTIs or can this be done with static routing? That's assuming that a failover VPN tunnel can be created. As I said, I've not done this before so am grateful for any help with this.

 

0 Kudos
2 Replies
PhoneBoy
Admin
Admin
‎2020-10-01 09:18 AM

If you're terminating with the AWS VPN endpoint (as opposed to a Check Point Gateway in AWS), then VTI (i.e. route-based VPNs) is generally the way to go here.

0 Kudos
Maarten_Sjouw
Champion
Champion
‎2020-10-03 12:24 AM

At the on-premise side you will always use the VIP that is assigned to the cluster, so at your end you already have a auto failover. At the AWS end they normally give you 2 IP's to build a tunnel against.

If you look at this post, it contains a template and instructions for configuring the dual VPN to AWS.

Regards, Maarten
0 Kudos

Leaderboard

Epsum factorial non deposit quid pro quo hic escorol.

View All ≫
Upcoming Events

    Sort by:
    CheckMates Events
    Top