This website uses cookies. By clicking Accept, you consent to the use of cookies. Click Here to learn more about how we use cookies.
Accept
Reject
ABOUT CHECKMATES & FAQ
Create a Post
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Help

Are you a member of CheckMates?

×
Sign in with your Check Point UserCenter/PartnerMap account to access more great content and get a chance to win some Apple AirPods! If you don't have an account, create one now for free!
Americo_two
Participant
‎2021-05-18 12:29 PM

ISP Redundancy + IPSEC Tunnel with third-party firewall

Hi Everyone,

I found some forums about this subject, but I couldn´t find a solution, we have a gateway with R77.30 version installed, and with ISP Redundancy configured, we want to configure an IPSEC VPN with a third-party firewall.

Today this VPN is working with the main link, but we need to add the second link installed to have a contingency in case of failure of one of the links

 

0 Kudos
4 Replies
the_rock
Champion
Champion
‎2021-05-18 07:43 PM

You have to configure isp redundancy on the firewall itself and then apply that to vpn traffic. Are you familiar how to do that? I cant recall the article, but if you look it up, there are instructions on support site.

0 Kudos
Baasanjargal_Ts
Advisor
‎2021-05-18 07:54 PM

Hello,,

1. You need to enable "Apply settings to VPN traffic" on the ISP redundancy config.

2. Choose "Use Probing. Link redundancy mode" on the IPSEC VPN -> Link selection

look into below guide:

 https://sc1.checkpoint.com/documents/R81/WebAdminGuides/EN/CP_R81_NextGenSecurityGateway_Guide/Topic...

 

 

 

asher
Contributor
‎2021-08-26 07:06 AM
In response to Baasanjargal_Ts

HI

its limited to the following scenario:

1. 2 internet iso lines with isp redundancy

2. another external nic that connect to ipvpn cloud  with managed checkpoint branches, in this case the link selection is gray out 

and if you enable the isp redundancy what will happend with all the link selection configuration that related to the ipvpn nic for connect branches with ipsec? ( sourc ip , outgoing nic ... ) 

0 Kudos
PhoneBoy
Admin
Admin
‎2021-05-18 11:46 PM

While this should work with R77.30 as described in this thread, just know it has been End of Support for at least 18 months and you should strongly consider upgrading to a supported release.