Hi Team,
I am planning to create loopback interfaces on my HA cluster with the same public IP to terminate the IPsec VPN tunnels. It is required as I have a private IP address on the external interface and I don't want to NAT the IP on the Internet router.
Questions:
1. Is that setup feasible? Shall I give the same public IP on both the members, as loopback interfaces are not a part of the cluster?
2. How would I choose the loopback interface IP as a peer IP under Gateway Cluster properties -> IPsec VPN -> Link Selection? I don't see an option to set this IP to be used as the VPN peer IP for my third parties.
3. How does this loopback interface choose physical interfaces to route its traffic?
Regards
Anshu Bathla
1. Is that setup feasible? Shall I give the same public IP on both the members, as loopback interfaces are not a part of the cluster?
That's not possible for your needs. You have to create a dummy cluster-interface. The members are assigned private IPs and the VIP will be your public IP.
With this configuration you can choose your public IP in all the needed sections in VPN link selection.
Wolfgang
Thanks Wolfgang,
Shall I consider that, as of now, terminating the IPsec VPN is not at all possible on loopback interfaces on Check Point firewalls?
Just set the Link Selection IP to a static IP which does not have to be associated with a gateway interface at all.
Hi Anshu,
We also have the same requirement. Were you able to make it work with the dummy cluster interface? Please share your feedback.