This website uses Cookies. Click Accept to agree to our website's cookie use as described in our Privacy Policy. Click Preferences to customize your cookie settings.
Accept
Reject
Preferences
ABOUT CHECKMATES CYBER SECURITY COMMUNITY & FAQ
Create a Post
Help
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

Are you a member of CheckMates?

×
Sign in with your Check Point UserCenter/PartnerMap account to access more great content and get a chance to win some Apple AirPods! If you don't have an account, create one now for free!
ab
Participant
‎2020-10-14 11:08 PM

IPsec VPN termination on Loopback interfaces -R80.40

Hi Team,

I am planning to create a loopback interfaces on my HA cluster with same Public  IP to terminate the IPsec VPN tunnels. It is required as I am having private IP address on external interface and I don't want to NAT the IP on Internet router.

Questions:

1. Is that setup feasible , Shall I give the same public IP on both the members as loopback interfaces are not a part of cluster.

2. How would I choose the loopback interface IP  as an  Peer IP under Gateway Cluster properties -> IPsec VPN -> Link Selection I don't see an option to set this IP to be used as VPN peer IP for my third parties.

3. How this loopback interface  chooses physical interfaces to route its traffic 

 

Regards

Anshu Bathla

0 Kudos
5 Replies
Wolfgang
MVP Gold
MVP Gold
‎2020-10-14 11:38 PM

@ab 

1. Is that setup feasible , Shall I give the same public IP on both the members as loopback interfaces are not a part of cluster.

That's not possible for your needs. You have to create a dummy cluster-interface. The members are assigned private IPs and the VIP will be your public IP.

With these configuration you can choose your public IP in all the needed sections in VPN link selection.

Wolfgang

 

ab
Participant
‎2020-10-15 12:04 AM
In response to Wolfgang

Thanks Wolfgang,

Shall I consider that as of now terminating the IPsec VPN is not at all possible on Loopback interfaces  on Checkpoint Firewalls?

0 Kudos
PhoneBoy
Admin
Admin
‎2020-10-17 10:32 PM

Just set the Link Selection IP to a static IP which does not have to be associated with a gateway interface at all.

0 Kudos
libin
Explorer
‎2020-10-26 01:08 AM

Hi Anshu,

we also have the same requirement, Were u able to make it work with the dummy cluster interface. Please share your feedback

0 Kudos
laurent_ragon
Participant
‎2025-09-11 11:51 PM
In response to libin

HI,

have you any feedback for this configuration? can we finalise the VPN IPSEC on a dummy INterface ?

What doesn't it mean exactly? should I define on GAIA System also an interface with the private IP address then define the public IP addresse on the CLuster Topologie?

Thank you for your reply

0 Kudos

Leaderboard

Epsum factorial non deposit quid pro quo hic escorol.

View All ≫
Upcoming Events

    CheckMates Events