- Products
- Learn
- Local User Groups
- Partners
- More
Check Point Jump-Start Online Training
Now Available on CheckMates for Beginners!
Why do Hackers Love IoT Devices so Much?
Join our TechTalk on Aug 17, at 5PM CET | 11AM EST
Welcome to Maestro Masters!
Talk to Masters, Engage with Masters, Be a Maestro Master!
ZTNA Buyer’s Guide
Zero Trust essentials for your most valuable assets
The SMB Cyber Master
Boost your knowledge on Quantum Spark SMB gateways!
As YOU DESERVE THE BEST SECURITY
Upgrade to our latest GA Jumbo
CheckFlix!
All Videos In One Space
Hi all,
Could you please point me, if this is possible to configure two active S2S VPN tunnels - one tunnel per one ISP?
My scenario: 5000series (R80.10) appliances configured as a cluster
Eth1 >> connected to ISP 1 (public IP address block /29)
Eth2 >> connected to ISP 2 (public IP address block /29)
I don't use ISP redundancy, because we use PBR for some good reason.
We use S2S tunnels between data center with Juniper SRX and Checkpoint in the office. Inside S2S VPN we use BGP protocol to distribute routes.
I would like to have two active tunnels at the same time - one configured by using ISP1 public IP, second configured by using ISP2. I will distribute better routes for VPN tunnel 1, but in case of problem with ISP1 I expect that VPN tunnel 2 will immediately handover traffic.
I know hot to configure two tunnels in active/standby mode, but I am wondering if this is somehow possible to achieve active/active configuration
Thanks in advance
In Check Point, you do this with a MEP configuration choosing the option "Random Selection."
See: Multiple Entry Point (MEP) VPNs
As the underlying mechanisms are proprietary, I do not believe this will work with a third party VPN endpoint.
You can create tunnel interfaces, on those you can run BGP, in that way you create a redundant setup the same way you use AWS. Route based VPN is what it is called within Check Point.
About CheckMates
Learn Check Point
Advanced Learning
YOU DESERVE THE BEST SECURITY