It's Here!
CPX 360 2021 Content
Check Point Harmony
Highest Level of Security for Remote Users
Important certificate update to CloudGuard Controller, CME,
and Azure HA Security Gateways
Advanced Protection for
Small and Medium Business
Secure Endpoints from
the Sunburst Attack
Important! R80 and R80.10
End Of Support around the corner (May 2021)
Hi all,
Could you please point me, if this is possible to configure two active S2S VPN tunnels - one tunnel per one ISP?
My scenario: 5000series (R80.10) appliances configured as a cluster
Eth1 >> connected to ISP 1 (public IP address block /29)
Eth2 >> connected to ISP 2 (public IP address block /29)
I don't use ISP redundancy, because we use PBR for some good reason.
We use S2S tunnels between data center with Juniper SRX and Checkpoint in the office. Inside S2S VPN we use BGP protocol to distribute routes.
I would like to have two active tunnels at the same time - one configured by using ISP1 public IP, second configured by using ISP2. I will distribute better routes for VPN tunnel 1, but in case of problem with ISP1 I expect that VPN tunnel 2 will immediately handover traffic.
I know hot to configure two tunnels in active/standby mode, but I am wondering if this is somehow possible to achieve active/active configuration
Thanks in advance
PhoneBoy
In Check Point, you do this with a MEP configuration choosing the option "Random Selection."
See: Multiple Entry Point (MEP) VPNs
As the underlying mechanisms are proprietary, I do not believe this will work with a third party VPN endpoint.
Maarten_Sjouw
You can create tunnel interfaces, on those you can run BGP, in that way you create a redundant setup the same way you use AWS. Route based VPN is what it is called within Check Point.
About CheckMates
Learn Check Point
Advanced Learning
WELCOME TO THE FUTURE OF CYBER SECURITY