This website uses Cookies. Click Accept to agree to our website's cookie use as described in our Privacy Policy. Click Preferences to customize your cookie settings.
Accept
Reject
Preferences
ABOUT CHECKMATES CYBER SECURITY COMMUNITY & FAQ
Create a Post
Help
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

Are you a member of CheckMates?

×
Sign in with your Check Point UserCenter/PartnerMap account to access more great content and get a chance to win some Apple AirPods! If you don't have an account, create one now for free!
kamaladmire1
Contributor
Contributor
‎2023-10-03 05:59 AM
Jump to solution

Check Point to Azure S2S VPN with Active and Backup ISP

HI All, need help with below, 

Environment R81.10 Check Point Cluster:

Check Point Cluster configured with Primary (BT) and Secondary ISP (VMB)

Currently Active S2S VPN using BT (Primary) to AZURE VPN gateway all working fine...

Another VPN gateway Configured in Azure in the same resource group to share same backend subnet for Backup VPN to Check Point using backup ISP (VMB)

question, after initial configuration tunnel interface policy etc, what extra configuration is required to tell Check Point when internet failover use secondary ISP link to Azure backup VPN?

both VPN are route based VPN with tunnel interfaces.

testing Plan is to failover ISP to backup VMB and perform testing

 

see attached diagram 😛

 

 

 

 

 

 

Preview file
38 KB
0 Kudos
1 Solution

Accepted Solutions
PhoneBoy
Admin
Admin
‎2023-10-03 07:42 AM
Jump to solution

The main thing you'll need to do is set up Link Selection to ensure the right source IP is used (assuming the WAN IP on the different ISP links is...different).
See: https://sc1.checkpoint.com/documents/R81.10/WebAdminGuides/EN/CP_R81.10_SitetoSiteVPN_AdminGuide/Top... 

View solution in original post

0 Kudos
(1)
2 Replies
PhoneBoy
Admin
Admin
‎2023-10-03 07:42 AM
Jump to solution

The main thing you'll need to do is set up Link Selection to ensure the right source IP is used (assuming the WAN IP on the different ISP links is...different).
See: https://sc1.checkpoint.com/documents/R81.10/WebAdminGuides/EN/CP_R81.10_SitetoSiteVPN_AdminGuide/Top... 

0 Kudos
(1)
kamaladmire1
Contributor
Contributor
‎2023-10-04 02:09 AM
In response to PhoneBoy
Jump to solution

Thanks I have managed to make it work and yes the link selection is the key 

0 Kudos

Leaderboard

Epsum factorial non deposit quid pro quo hic escorol.

View All ≫
Upcoming Events

    CheckMates Events