This website uses Cookies. Click Accept to agree to our website's cookie use as described in our Privacy Policy. Click Preferences to customize your cookie settings.
Accept
Reject
Preferences
ABOUT CHECKMATES CYBER SECURITY COMMUNITY & FAQ
Create a Post
Help
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

Are you a member of CheckMates?

×
Sign in with your Check Point UserCenter/PartnerMap account to access more great content and get a chance to win some Apple AirPods! If you don't have an account, create one now for free!
JaySon_2021
Contributor
‎2026-01-29 10:50 AM
Jump to solution

Policy Based routing with reduntant ISP links

We have an HA firewall pair, and 2 ISP links. We want to utilize Policy based routing AND have traffic fail-over completely to either ISP1 or ISP2 if the circuit goes down.

Example:

- Net_10.1.1.0/24 goes through the Checkpoints and out ISP1

- Net_192.168.1.0/24 goes through the Checkpoints and out ISP2

If ISP1 goes down, then both Net_10.1.1.0/24 and Net_192.168.1.0/24 will be sent out ISP2, and vice versa.

Is this possible with PBR?

Thanks

0 Kudos
2 Solutions

Accepted Solutions
PhoneBoy
Admin
Admin
‎2026-01-29 12:43 PM
Jump to solution

That should be possible with PBR, yes.

View solution in original post

0 Kudos
the_rock
MVP Diamond
MVP Diamond
‎2026-01-29 02:31 PM
Jump to solution

Hey Jeff,

Check out below post I made before holidays.

https://community.checkpoint.com/t5/Security-Gateways/ISP-redundancy-PBR-sd-wan-question/m-p/265222

Best,
Andy
"Have a great day and if its not, change it"

View solution in original post

0 Kudos
11 Replies
PhoneBoy
Admin
Admin
‎2026-01-29 12:43 PM
Jump to solution

That should be possible with PBR, yes.

0 Kudos
the_rock
MVP Diamond
MVP Diamond
‎2026-01-29 02:31 PM
Jump to solution

Hey Jeff,

Check out below post I made before holidays.

https://community.checkpoint.com/t5/Security-Gateways/ISP-redundancy-PBR-sd-wan-question/m-p/265222

Best,
Andy
"Have a great day and if its not, change it"
0 Kudos
CheckPointerXL
Advisor
Advisor
‎2026-01-29 03:01 PM
Jump to solution

did i study how to apply nat? in case of zone+r82 pay attention and take a look here https://support.checkpoint.com/results/sk/sk184176

0 Kudos
the_rock
MVP Diamond
MVP Diamond
‎2026-01-30 12:50 PM
Jump to solution

Hey Jeff,

Hope link I shared helped?

Happy weekend!

Best,
Andy
"Have a great day and if its not, change it"
0 Kudos
JaySon_2021
Contributor
‎2026-01-30 01:21 PM
In response to the_rock
Jump to solution

Yep. Helped clarify things. Appreciate it.

the_rock
MVP Diamond
MVP Diamond
‎2026-01-30 01:48 PM
In response to JaySon_2021
Jump to solution

For you, no charge...EXCEPT iphone charge. Thats my CORNY joke Im sure everyone is sick of lol

Anyway, yea, you can definitely open TAC case, though Im positive they will tell you the same thing.

For reference:

https://support.checkpoint.com/results/sk/sk167135

 

 

 

Best,
Andy
"Have a great day and if its not, change it"
Preview file
7 KB
0 Kudos
the_rock
MVP Diamond
MVP Diamond
‎2026-01-31 08:39 AM
In response to JaySon_2021
Jump to solution

Be free to message me directly any time, I have a very good lab set up, so most things can be tested.

Best,
Andy
"Have a great day and if its not, change it"
0 Kudos
WiliRGasparetto
MVP Diamond
MVP Diamond
‎2026-01-30 12:58 PM
Jump to solution

Yes, PBR should allow that

0 Kudos
the_rock
MVP Diamond
MVP Diamond
‎2026-01-30 01:00 PM
In response to WiliRGasparetto
Jump to solution

The catch is...would allow that, but PBR ONLY...NO ISPR involved : - )

Together, wont work.

Best,
Andy
"Have a great day and if its not, change it"
0 Kudos
JaySon_2021
Contributor
‎2026-01-30 01:19 PM
In response to the_rock
Jump to solution

Thanks all for the responses. As I am getting mixed responses perhaps a TAC case is best.

Regards,

0 Kudos
Chris_Atkinson
MVP Platinum CHKP MVP Platinum CHKP
MVP Platinum CHKP
‎2026-01-30 03:27 PM
In response to JaySon_2021
Jump to solution

Their is conceptual & feature naming...

ISP redundancy doesn't necessarily mean you are using the Check Point feature by the same name where PBR is a limitation.

CCSM R77/R80/ELITE
0 Kudos

Leaderboard

Epsum factorial non deposit quid pro quo hic escorol.

View All ≫
Upcoming Events

    CheckMates Events