This website uses Cookies. Click Accept to agree to our website's cookie use as described in our Privacy Policy. Click Preferences to customize your cookie settings.
Accept
Reject
Preferences
ABOUT CHECKMATES CYBER SECURITY COMMUNITY & FAQ
Create a Post
Help
cancel
Turn on suggestions
Showing results for 
Search instead for 
Did you mean: 

Are you a member of CheckMates?

×
Sign in with your Check Point UserCenter/PartnerMap account to access more great content and get a chance to win some Apple AirPods! If you don't have an account, create one now for free!
Man0j
Contributor
‎2020-11-16 01:36 AM
Jump to solution

ISP Redundancy + IPSEC Tunnel with Zscalar in R80.40

Dear Team,

 

My customer is on R80.40 with 5600 HA mode firewalls.

The scenario is below :

1. Lan users connect to Internet after passing through Check Point firewall and then after passing through Check Point the traffic  is IPSEC tunneled with ZScalar cloud proxy

2. Currently customer has 2 ISP Links and configured in Load sharing mode , Unfortunately one of the ISP's is frequently giving less amount of BW than it is supposed to this in turn creating latency issues to customer's internet traffic. Because of this reason customer manually changes the ISP redundancy  percentages i.e gives maximum priority to second ISP

3. But this is in turn creating  another problem i.e IPSEC tunnel with Z scalar gets disconnected and he should manually go to Link selection in Check Point and select the static IP of second interface.

Are we missing anything to make this work automatically with out manual intervention. Kindly help with solution.

 

AMARA RAJA.png

0 Kudos
2 Solutions

Accepted Solutions
PhoneBoy
Admin
Admin
‎2020-11-18 07:02 AM
Jump to solution

Curious, do you have this option checked in the ISP Redundancy settings with respect to VPN?

Screen Shot 2020-11-18 at 6.58.02 AM.png

View solution in original post

PhoneBoy
Admin
Admin
‎2020-11-19 08:32 PM
In response to Man0j
Jump to solution

Looks pretty self-explanatory to me.
If you want to use both interfaces at the same time for VPN, then you probably need to use this feature.
Whether it will work with Zscaler or not is a different question.

View solution in original post

0 Kudos
7 Replies
PhoneBoy
Admin
Admin
‎2020-11-18 07:02 AM
Jump to solution

Curious, do you have this option checked in the ISP Redundancy settings with respect to VPN?

Screen Shot 2020-11-18 at 6.58.02 AM.png

Man0j
Contributor
‎2020-11-19 08:09 PM
In response to PhoneBoy
Jump to solution

Hey Hi,

No it's not selected currently.

Sorry for late reply.

 

0 Kudos
Man0j
Contributor
‎2020-11-19 08:17 PM
In response to PhoneBoy
Jump to solution

Hi, Can you please explain importance of this VPN settings option in ISP redundancy.

Also request you to explain the about Route based probing mode in LINK SELECTION if you are aware.

 

 

IMP.gif
Preview file
33 KB
0 Kudos
PhoneBoy
Admin
Admin
‎2020-11-19 08:20 PM
In response to Man0j
Jump to solution

If you want VPN traffic to follow ISP Redundancy rules, then this setting needs to be enabled.
That should eliminate the need to change the Link Selection on failover.
Believe the route-based probing isn't relevant when using ISP Redundancy.

0 Kudos
Man0j
Contributor
‎2020-11-19 08:27 PM
In response to PhoneBoy
Jump to solution

Hi,

Many thanks for swift reply. Got cleared about VPN settings in ISP redundancy  with your explanation.

However, request you to have look and revert on the attached Image which explains about Route Based Probing option in link selection and it mentions relevancy about ISP redundancy Load sharing mode. 

IMP.gif
Preview file
33 KB
0 Kudos
PhoneBoy
Admin
Admin
‎2020-11-19 08:32 PM
In response to Man0j
Jump to solution

Looks pretty self-explanatory to me.
If you want to use both interfaces at the same time for VPN, then you probably need to use this feature.
Whether it will work with Zscaler or not is a different question.

0 Kudos
Man0j
Contributor
‎2020-11-19 08:53 PM
In response to PhoneBoy
Jump to solution

Many thanks for the explanation.

0 Kudos

Leaderboard

Epsum factorial non deposit quid pro quo hic escorol.

View All ≫
Upcoming Events

    CheckMates Events
    Top