FrankXie
Participant

Set up multiple VPN tunnels between Check Point firewall and third-party endpoint

Hello experts

 

We are trying to establish a site-to-site VPN tunnel to a third party through a Check Point firewall. Due to a per-tunnel bandwidth limitation, we need to set up multiple tunnels between them. We noticed there's a problem establishing multiple tunnels between 2 endpoints. Just wondering if the solution below will help?

 

client --> internal firewall --> external firewall --> third party endpoint

 

We will try to configure multiple VTIs to different remote IPs at the internal firewall, so the VPN tunnels will be between the internal firewall and the third-party endpoint. And we will NAT the VTI IPs to different public IP addresses at the external firewall and NAT all remote IPs to the same third-party endpoint.

 

So in theory, the internal firewall will think it is connecting to multiple different endpoints. From the third party's point of view, all tunnels are coming from different sources.

 

Then we add multiple static routes at the internal firewall pointing to the same destination with the same cost to achieve ECMP.

Is this solution possible? 

Thanks in advance for your response.

 

Cheers

Frank

0 Kudos
2 Replies
Wolfgang
Mentor

@FrankXie very interesting idea, but the answer will be NO 😞

Between Check Point gateways you can use more than one link for a VPN connection and you can do Load Sharing. But with a third party, I'm not aware of any solution.
How about your VPN bandwidth limitation? Let's talk about this limitation you're referring to, please explain.

0 Kudos
FrankXie
Participant

Hi @Wolfgang 

Can you please share more detail on why it is not possible?

It is the third party's limitation regarding bandwidth per tunnel. Take Zscaler as an example. Only 400M throughput is supported per tunnel.

 

Cheers

 

0 Kudos