This website uses Cookies. Click Accept to agree to our website's cookie use as described in our Privacy Policy. Click Preferences to customize your cookie settings.
Accept
Reject
Preferences
ABOUT CHECKMATES & FAQ
Create a Post
Help
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

Are you a member of CheckMates?

×
Sign in with your Check Point UserCenter/PartnerMap account to access more great content and get a chance to win some Apple AirPods! If you don't have an account, create one now for free!
Greg_Harewood
Contributor
‎2022-10-21 04:18 PM

Can I have two CENTER gateways with the SAME (vpn) IP in a STAR COMMUNITY?

I'd love it if someone could save me the time this would take to lab!  And if it doesn't work, it's a feature request please!

My customer is adding a DR site that will be a complete BGP failover - lots of identical addressing. Firewall management ports are unique though, so we have a unique FW object for each site, all nicely working.  They are NOT a cluster, but they run the same policy, and the live site will be the one seeing the LAN and WAN networks as BGP hands them to it.

However, for public internet access, in order to make this work without a lot of stress with VPN partners, the DR site gateway should have a duplicate address on it's internet interface (only).  So:

  • Mostly unique addressing, but external IP is a duplicate
  • Only one GW effectively active at a time, whichever is receiving BGP routes etc
  • They are not clustered, but they run the same policy and protect the same encryption domain
  • They are primary and secondary (prioritized list) center gateways in a star community running MEP
  • Center gateways are not meshed (obviously).  There is an internal MPLS.
  • Gateways have the public IP defined as the VPN address in Link Selection
  • Connections to third party satellites gateways in this scenario use shared keys

Does this work?  Are there any issues with the address being identical?

Thanks!

0 Kudos
2 Replies
PhoneBoy
Admin
Admin
‎2022-10-21 05:11 PM

Just to be clear, the Main IP for these two gateways is different, but the Link Selection IP is the same for both?
I know having two (interoperable) gateways with the same IP is not supported, but not exactly sure about the same Link Selection IP. 

0 Kudos
_Val_
Admin
Admin
‎2022-10-24 01:45 AM

I do not think this is possible. 

0 Kudos

Leaderboard

Epsum factorial non deposit quid pro quo hic escorol.

View All ≫
Upcoming Events

    CheckMates Events