We have two Check Point appliances - one at site A and one at site B. Both sites have their own local ISP connection in addition to a P2P circuit interconnecting the two sites. The P2P link is provided via the downstream Core switches and provides redundancy to route site A's traffic out site B's ISP and vice versa in the event an ISP goes down at a single site. The core switches use OSPF to share routes between the sites.
Site B is new and for the longest time we had all of our VPNs to 3rd party vendors terminate at Site A. Now that we need to build a new VPN to a 3rd party vendor, we must ensure both Site A and Site B have their own VPN to the vendor and ensure that Site A can route across to the P2P and out Site B's VPN in the event of a failure at Site A and vice versa. Furthermore, Site A's traffic to the vendor will be SNAT'd behind 10.220.0.0/25 and Site B's traffic to the vendor will be SNAT'd behind 10.220.1.0/25 so traffic from the vendor to us will only have one path regardless of which site our traffic comes from.
Coming from a background of primarily route-based VPNs, this would be a fairly easy configuration with no consideration to overlaps. We're currently using domain-based VPNs but I'm thinking the best path forward would be using route-based VPNs and migrating all domain-based VPNs to route-based.
I've attached a network diagram to outline my topology.