This website uses Cookies. Click Accept to agree to our website's cookie use as described in our Privacy Policy. Click Preferences to customize your cookie settings.
Accept
Reject
Preferences
ABOUT CHECKMATES CYBER SECURITY COMMUNITY & FAQ
Create a Post
Help
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

Are you a member of CheckMates?

×
Sign in with your Check Point UserCenter/PartnerMap account to access more great content and get a chance to win some Apple AirPods! If you don't have an account, create one now for free!
Andrey_Gl
Explorer
Explorer
‎2023-04-02 04:14 AM
Jump to solution

ISP Load sharing exception for VPN peer

we use star community pattern. there are 2 providers on central gateway and we want to enable ISP load sharing therefore we check "apply settings to vpn traffic" but there is a problem that one tunnel is built on gateway that's available on l2 channel (via local address on 3rd interface) without internet access. if we enable option i mentioned above then settings will affect link section and this vpn thus vpn tunnel(with local ip) will be built on gateways with internet access which leads to failure(vpn tunnel won't be built) is there any way to configure isp ls but make an exception for it?

Labels
0 Kudos
1 Solution

Accepted Solutions
Wolfgang
Authority
Authority
‎2023-04-02 08:06 AM
Jump to solution

@Andrey_Gl you can configure ISP redundancy without "apply settings to vpn traffic".

With this setting the configuration for VPN link selection doesn‘t follow ISP redundancy configuration. You can configure VPN link selection with link probing to check which link is available.

View solution in original post

(1)
4 Replies
Wolfgang
Authority
Authority
‎2023-04-02 08:06 AM
Jump to solution

@Andrey_Gl you can configure ISP redundancy without "apply settings to vpn traffic".

With this setting the configuration for VPN link selection doesn‘t follow ISP redundancy configuration. You can configure VPN link selection with link probing to check which link is available.

(1)
Andrey_Gl
Explorer
Explorer
‎2023-04-02 11:54 AM
In response to Wolfgang
Jump to solution

Thank you.Yes, I see that option, but if I enable it, won't I need to select three addresses there - two provider addresses and one local address of another peer? Won't they interfere with each other? In our installation, there are 10 VPN peers available through two interfaces looking to the Internet, and one VPN peer is available through a local interface.

0 Kudos
Wolfgang
Authority
Authority
‎2023-04-02 12:26 PM
In response to Andrey_Gl
Jump to solution

No problem to use all three interfaces. If your local interface is only reachable via local routing not via the other ISPs it‘s no problem. But you have to configure properly the outgoing routing options and link probing.

0 Kudos
the_rock
Legend
Legend
‎2023-04-02 03:23 PM
In response to Andrey_Gl
Jump to solution

Im fairly confident what @Wolfgang suggested will work, as I had customer do this in the past and that was perfect option to make it work as intended.

0 Kudos

Leaderboard

Epsum factorial non deposit quid pro quo hic escorol.

View All ≫
Upcoming Events

    CheckMates Events