- Products
- Learn
- Local User Groups
- Partners
-
More
This website uses cookies. By clicking OK, you consent to the use of cookies. Click Here to learn more about how we use cookies.
- Products
- Learn
- Local User Groups
- Upcoming Events
- Americas
- EMEA
- Czech Republic and Slovakia
- Denmark
- Netherlands
- Germany
- Sweden
- United Kingdom and Ireland
- France
- Spain
- Norway
- Ukraine
- Baltics and Finland
- Greece
- Portugal
- Austria
- Kazakhstan and CIS
- Switzerland
- Romania
- Turkey
- Belarus
- Belgium & Luxembourg
- Russia
- Poland
- Georgia
- DACH - Germany, Austria and Switzerland
- Iberia
- Africa
- Adriatics Region
- Cloud Mates
- Eastern Africa
- Israel
- APAC
- Partners
- More
- ABOUT CHECKMATES & FAQ
- Sign In
- Leaderboard
- Events
Join Us for CPX 360
23-24 February 2021
Important certificate update to CloudGuard Controller, CME,
and Azure HA Security Gateways
How to Remediate Endpoint & VPN
Issues (in versions E81.10 or earlier)
IDC Spotlight -
Uplevel The SOC
Important! R80 and R80.10
End Of Support around the corner (May 2021)
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for
- CheckMates
- :
- Products
- :
- Network Security
- :
- Security Gateways
- :
- Policy Based Routing (PBR) and Domain vpn
Options
- Subscribe to RSS Feed
- Mark Topic as New
- Mark Topic as Read
- Float this Topic for Current User
- Bookmark
- Subscribe
- Mute
- Printer Friendly Page
SamiH
Contributor
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Email to a Friend
- Report Inappropriate Content
2020-01-21
04:08 AM
Policy Based Routing (PBR) and Domain vpn
Policy Based Routing sk100500 just shortly states that PBR cannot be used with Domain vpn. If I use PBR just for a certain network, am I able to use Domain vpn with other networks or how does it affect Domain vpn?
My other problem is that we have 2 ISPs and some networks need to be routed via ISP1 and some via ISP2. I currently have many s2s domain vpns via ISP1 and at some point would like to start moving them one-by-one to ISP2, but if PBR doesn't work with domain vpn, I don't see a way to do this with one Gateway cluster? If I remove PBR, either the ISP1 or ISP2 owned network will route wrong with static routes.
Reply
1 Reply
G_W_Albrecht
Champion
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Email to a Friend
- Report Inappropriate Content
2020-01-21
05:25 AM
This is not true - what the SK states is that:
- The following features/blades are not supported with PBR:
- IPv6
- URL Filtering
- IPS
- Locally-generated traffic
- Security Servers
- Data Loss Prevention (DLP) blade
- VPN Domain Based
- VPN Route Based
- Anti-Spam blade
- Mail Transfer Agent (MTA) (relevant for Threat Emulation/Threat Extraction/Data Loss Prevention/Anti-Spam blades)
- ISP Redundancy
- The following applications (which use Check Point Active Streaming [CPAS]):
- VoIP (H323, SIP, Skinny, etc.)
- HTTPS Inspection
- HTTP Header Spoofing
- HTTP Proxy
- IMAP in IPS
So you can not use PBR just for a certain network and use Domain vpn with other networks. But you can mix VPN Domain Based and VPN Route Based, see sk109340: Mixing Route Based VPN with Domain Based VPN on the same Security Gateway!
About CheckMates
Learn Check Point
Advanced Learning
WELCOME TO THE FUTURE OF CYBER SECURITY
©1994-2020 Check Point Software Technologies Ltd. All rights reserved.
Copyright
Privacy Policy
Facts at a Glance
User Center