Re: Backup vpn tunnel to Azure when Express route ...

ajsingh · ‎2023-11-12

Hi all,

I am attempting to establish a backup VPN link from on-premises to our Azure tenant. Currently, I have Check Point (CP) FW version r81.10 configured as follows: CP FW ----> MPLS ----> Express Route ----> Azure.

I would like to set up a VPN from the CP firewall to Azure (with BGP, I presume) to achieve redundancy.

Is it possible with Check Point firewalls? If yes, should I be using BGP? Could I receive some guidance or steps from someone who has already done this or has knowledge on this matter, please?

Any help is greatly appreciated.

the_rock · ‎2023-11-12

My colleague and I actually have same scenario with the customer and MS support sent them something that we are trying to verify would work in their case. Will keep you posted on what we find.

I am fairly sure it is possible and yes, you need BGP, for sure. It really boils down to these things:

-xpress route is ALWAYS preferred

-VPN will be preferred IF prefix is shorter, so say /17 over /16 subnet

Andy

ajsingh · ‎2023-11-14

Thank you. I will wait 🙂

the_rock · ‎2023-11-14

Customer included us on the email thread with Azure support, so lets see what they say 🙂

Messalina

Hello fellows, old thread but this is exactly what I am trying to deploy now. If you have any links to share it would be helpful. SK articles, documentation, experience and so on.

_Val_

@Messalina I would suggest opening a new thread about that.

the_rock

I do, but sadly cant share them, as my colleague and I specifically made them for the customer, sorry.

Andy

Messalina

Okey thanks for letting me know anyway. Sounds like you have found a working solution.

the_rock

We did, but then client decided to go with Harmony SASE, which is way better anyway.

Andy

Are you a member of CheckMates?

Backup vpn tunnel to Azure when Express route is Primary