This website uses Cookies. Click Accept to agree to our website's cookie use as described in our Privacy Policy. Click Preferences to customize your cookie settings.
Accept
Reject
Preferences
ABOUT CHECKMATES CYBER SECURITY COMMUNITY & FAQ
Create a Post
Help
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

Are you a member of CheckMates?

×
Sign in with your Check Point UserCenter/PartnerMap account to access more great content and get a chance to win some Apple AirPods! If you don't have an account, create one now for free!
barisben
Explorer
‎2024-11-22 03:10 AM

IPsec Gateway is Always Defined Cluster Management IP

Hey, I'm trying to IPsec between sites in my lab to test CheckPointFW. I have management network 10.1.91.0/24 and managing CPs from this network. I defined cluster IP from this subnet and FWs have 2 WAN IP and the other site have also. When I check logs from the other site, it says phase1 trying to negotiate from the 10.1.91.27 (so cluster IP). But I want to specify it and tried somethings but nothing works.

1.jpg

When I select Always use this IP address->Selected address from topology table->WAN1, its negotiating.

2.jpg

I defined for both interoperable devices WAN IP but doesn't work.

3.jpg4.jpg5.jpg6.jpg

0 Kudos
2 Replies
PhoneBoy
Admin
Admin
‎2024-11-22 06:45 AM

If you're using multiple WAN interfaces with VPN, you'll need to configure Link Selection as part of ISP Redundancy: https://sc1.checkpoint.com/documents/R81.20/WebAdminGuides/EN/CP_R81.20_ClusterXL_AdminGuide/Content... 

In R82, the Link Selection options are greatly improved: https://sc1.checkpoint.com/documents/R82/WebAdminGuides/EN/CP_R82_SitetoSiteVPN_AdminGuide/Content/T... 

0 Kudos
the_rock
Legend
Legend
‎2024-11-22 09:26 AM

I took this screenshot from customers environment where this works 100%, no issues. Dont know if it matters, but their SECONDARY link IP is first in the list I pointed out.

Andy

 

Screenshot_1.png

 Btw, make sure option to apply vpn settings is checked at the bottom of the tab for isp redundancy.

0 Kudos

Leaderboard

Epsum factorial non deposit quid pro quo hic escorol.

View All ≫
Upcoming Events

    CheckMates Events