This website uses Cookies. Click Accept to agree to our website's cookie use as described in our Privacy Policy. Click Preferences to customize your cookie settings.
Accept
Reject
Preferences
ABOUT CHECKMATES CYBER SECURITY COMMUNITY & FAQ
Create a Post
Help
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

Are you a member of CheckMates?

×
Sign in with your Check Point UserCenter/PartnerMap account to access more great content and get a chance to win some Apple AirPods! If you don't have an account, create one now for free!
KrivU
Participant
‎2025-09-26 02:04 PM
Jump to solution

ISP Link Redundancy - Load Sharing / Gateway keeps traffic in a single ISP

Hi,

I have a cluster configuration, on this, we recently changed the configuration for the ISP Link Redundancy from Primary/BackUp to Load Sharing, the SMS and Gateways are on 81.10 take 99. with two gateways, one called Primary and the other is the BackUp, the ISP Link Redundacy handles three diferent ISP's.

When the traffic is going through the BackUp the ISP Link Redundacy in Load Sharing, works perfectly, we did some fw monitors and the traffic balance between the three ISP's, but if the traffic goes through the Primary-GW sends all the traffic to only one of the three ISP, We tried to run an fw isp_link {name of the ISP} down, and ran a fw monitor, and keeps sending the traffic from the same ISP,  

 

Has anyone else got experience a similiar behavior?

Labels
0 Kudos
1 Solution

Accepted Solutions
KrivU
Participant
2 weeks ago
In response to the_rock
Jump to solution

Hi @the_rock 

We proceed with a reboot of the members of the cluster, and everything is working fine, I've been monitoring the behavior and its working as it suppose to, thanks for the follow up, the TAC told me that could be a configuration on the ISP stickiness on the firewall, but after reboot it wasn't necessary to change anything.

 

View solution in original post

13 Replies
the_rock
MVP Gold
MVP Gold
‎2025-09-26 05:09 PM
Jump to solution

Can you check the routes on both firewalls to make sure its correct?

Andy

Best,
Andy
0 Kudos
KrivU
Participant
‎2025-09-26 06:21 PM
In response to the_rock
Jump to solution

Thanks for the reply,

Yes, I checked, and the default routes are the same, are pointing to the main ISP, what other items shall I look over?

the_rock
MVP Gold
MVP Gold
‎2025-09-26 06:26 PM
In response to KrivU
Jump to solution

Maybe run ip r g 8.8.8.8 from expert mode to confirm its right output.

Andy

Best,
Andy
0 Kudos
KrivU
Participant
a month ago
In response to the_rock
Jump to solution

Hi the_rock, 

Yes I tried on both of the members of the cluster, when I failover the traffic to the BackUp, and I did the fw monitor, I can see the traffic swiching between ISPs interfaces, but when I failover back the traffic to the primary, in that cluster member the traffic just stays on one of the 3 ISPs

0 Kudos
the_rock
MVP Gold
MVP Gold
a month ago
In response to KrivU
Jump to solution

Did TAC give you any other suggestions?

Andy

Best,
Andy
0 Kudos
KrivU
Participant
a month ago
In response to the_rock
Jump to solution

No, the case still open, and they are testing in lab environment that's the last update

0 Kudos
the_rock
MVP Gold
MVP Gold
a month ago
In response to KrivU
Jump to solution

Please keep us posted.

Regards,

Andy

Best,
Andy
Chris_Atkinson
MVP Gold CHKP MVP Gold CHKP
MVP Gold CHKP
‎2025-09-28 08:20 AM
Jump to solution

Does the issue persists across reboots of that member?

CCSM R77/R80/ELITE
the_rock
MVP Gold
MVP Gold
‎2025-09-28 09:06 AM
In response to Chris_Atkinson
Jump to solution

Excellent point Chris.

Best,
Andy
0 Kudos
KrivU
Participant
a month ago
In response to Chris_Atkinson
Jump to solution

Hi Chris, thanks for the reply,

I havent tried a reboot, we the TAC we tried a CPSTOP, CPSTART, but nothing changed, I'm going to schedule a reboot, to see the behavior,

the_rock
MVP Gold
MVP Gold
3 weeks ago
In response to KrivU
Jump to solution

Hey @KrivU 

Were you able to figure this out?

Best,

Andy

Best,
Andy
0 Kudos
KrivU
Participant
2 weeks ago
In response to the_rock
Jump to solution

Hi @the_rock 

We proceed with a reboot of the members of the cluster, and everything is working fine, I've been monitoring the behavior and its working as it suppose to, thanks for the follow up, the TAC told me that could be a configuration on the ISP stickiness on the firewall, but after reboot it wasn't necessary to change anything.

 

the_rock
MVP Gold
MVP Gold
2 weeks ago
In response to KrivU
Jump to solution

Awesome job!

Best,
Andy
0 Kudos

Leaderboard

Epsum factorial non deposit quid pro quo hic escorol.

View All ≫
Upcoming Events

    Sort by:
    CheckMates Events