Create a Post
cancel
Showing results for 
Search instead for 
Did you mean: 
starmen2000
Collaborator
Collaborator

ISP Redundancy , SIC and VPN

Hello mates,

I have a couple of important questions related to ISP redundancy and remote gateway configurations that I'd like to discuss:

  1. In a setup where ISP redundancy is being implemented on a remote gateway, using two different external IP addresses,  Let's say one of these IPs is the main IP for the gateway, and if this IP goes down, does it affects the SIC communication?  In this scenario, how would the status of the gateway in SmartConsole be affected? What steps should be taken in such a situation?

  2. If a remote gateway communicates with a central gateway through a tunnel, will a new tunnel be established automatically with the new ISP IP when there's an ISP Failover happen?

Apart from these two main topics , what issues I need to  consider? 

I'm looking forward to sharing your experiences and insights on this matter. Thank you.

 

0 Kudos
1 Reply
the_rock
Legend
Legend

I would get an official TAC answer on it, but here is what I believe.

In a setup where ISP redundancy is being implemented on a remote gateway, using two different external IP addresses,  Let's say one of these IPs is the main IP for the gateway, and if this IP goes down, does it affects the SIC communication?  In this scenario, how would the status of the gateway in SmartConsole be affected? What steps should be taken in such a situation?

IF main IP is what SIC is established on with mgmt server, Im 100% sure it would affect it if that link went down.

If a remote gateway communicates with a central gateway through a tunnel, will a new tunnel be established automatically with the new ISP IP when there's an ISP Failover happen?

Unless remote gateway "knows" about a new IP address, I dont see how that tunnel will continue to work. Possibly, existing VPN session may work, but probably not any new ones.

Check out below, this might be similar to what I posted in the past.

Andy

https://community.checkpoint.com/t5/Security-Gateways/ISP-redundancy-VPN-question/m-p/161823#M28724

0 Kudos

Leaderboard

Epsum factorial non deposit quid pro quo hic escorol.

Upcoming Events

    CheckMates Events