Solved: Re: Check Point to Azure S2S VPN with Active and B...

kamaladmire1 · ‎2023-10-03

HI All, need help with below,

Environment R81.10 Check Point Cluster:

Check Point Cluster configured with Primary (BT) and Secondary ISP (VMB)

Currently Active S2S VPN using BT (Primary) to AZURE VPN gateway all working fine...

Another VPN gateway Configured in Azure in the same resource group to share same backend subnet for Backup VPN to Check Point using backup ISP (VMB)

question, after initial configuration tunnel interface policy etc, what extra configuration is required to tell Check Point when internet failover use secondary ISP link to Azure backup VPN?

both VPN are route based VPN with tunnel interfaces.

testing Plan is to failover ISP to backup VMB and perform testing

see attached diagram 😛

PhoneBoy · ‎2023-10-03

The main thing you'll need to do is set up Link Selection to ensure the right source IP is used (assuming the WAN IP on the different ISP links is...different).
See: https://sc1.checkpoint.com/documents/R81.10/WebAdminGuides/EN/CP_R81.10_SitetoSiteVPN_AdminGuide/Top...

View solution in original post

PhoneBoy · ‎2023-10-03

The main thing you'll need to do is set up Link Selection to ensure the right source IP is used (assuming the WAN IP on the different ISP links is...different).
See: https://sc1.checkpoint.com/documents/R81.10/WebAdminGuides/EN/CP_R81.10_SitetoSiteVPN_AdminGuide/Top...

kamaladmire1 · ‎2023-10-04

Thanks I have managed to make it work and yes the link selection is the key

Are you a member of CheckMates?

Check Point to Azure S2S VPN with Active and Backup ISP