This website uses Cookies. Click Accept to agree to our website's cookie use as described in our Privacy Policy. Click Preferences to customize your cookie settings.
Accept
Reject
Preferences
ABOUT CHECKMATES CYBER SECURITY COMMUNITY & FAQ
Create a Post
Help
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

Are you a member of CheckMates?

×
Sign in with your Check Point UserCenter/PartnerMap account to access more great content and get a chance to win some Apple AirPods! If you don't have an account, create one now for free!
FrankXie
Participant
‎2023-01-09 12:26 PM

Setup multiple VPN tunnel between checkpoint firewall and third-party endpoint

Hello experts

 

We are trying to establish site to site vpn tunnel to third party through checkpoint firewall. Due to one tunnel bandwidth limitation, we need to setup multiple tunnels between them. We noticed there's problem to establish multiple between 2 endpoints. Just wondering if below solution will help?

 

client --> internal firewall --> external firewall --> third party endpoint

 

We will try to configure multiple VTI to different remote ip at internal firewall, So vpn tunnel will be between internal firewall and third party endpoint.  And we will nat VTI IP to different public ip address at external firewall and nat all remote ips to same third party endpoint.

 

So in theory, internal firewall will think it is connecting to multiple different endpoints. From third party point of view, all tunnel coming from different source.

 

Then we add multiple static route at internal firewall pointing to same destination with same cost to achieve ECMP.

Is this solution possible? 

Thanks in advance for your response.

 

Cheers

Frank

Labels
0 Kudos
2 Replies
Wolfgang
Authority
Authority
‎2023-01-09 12:42 PM

@FrankXie @very interesting idea but answer will be NO 😞

Between Check Points gateways you can use more then one link for a VPN connection and you can dorthin LoadSharing. But with third party, I‘m not aware of any solution.
How about your VPN bandwidth limitation? Let‘s talk about these limitation youˋre referring to, please explain.

0 Kudos
FrankXie
Participant
‎2023-01-09 12:51 PM
In response to Wolfgang

Hi @Wolfgang 

Can you please share more detail why it is not possible?

It is third party's limitation regarding bandwidth per tunnel. Take Zscaler as an example. Only 400M throughput supported per tunnel.

 

Cheers

 

0 Kudos

Leaderboard

Epsum factorial non deposit quid pro quo hic escorol.

View All ≫
Upcoming Events

    Sort by:
    CheckMates Events