I have a VPN tunnel connecting 2 sites, where all traffic is routed over the tunnel. I just installed dual 100Mb links between the sites, which I would like to use as Active/Active. The service provider installed dual switches on each end, and combines the 2 links using LACP between the switches. I connect the firewalls with a single port to one switch at each site.
My concern is that since all traffic goes over a single VPN tunnel, the LACP will not load balance the traffic between the 2 lines, but will treat it all as one "session". How can I get the traffic to run over both links (and achieve aggregate throughput of 200Mb)?
My other idea was to connect 2 ports on each firewall, one to each line, and bond them together into a single interface, then let the Check Point handle the load balancing (using which mode settings?). Which method would work better?
See network diagram below:
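Added example, not part of the original question: a small simulation of the concern described above, comparing how a per-flow link-aggregation hash places frames when the switches can see varied inner IP headers versus when every frame carries the same outer tunnel header. The hash function, MAC addresses and IP addresses are constructed assumptions; the provider's switches may hash on different fields.

```python
import ipaddress
from collections import Counter

LINKS = 2  # two 100Mb member links in the provider's LACP bundle

def lag_member(src_mac, dst_mac, src_ip, dst_ip, links=LINKS):
    """Choose a member link from the outer L2/L3 headers.

    Assumed XOR-fold hash in the style of common layer2+3 policies;
    real switches may use a different function.
    """
    h = int(src_mac.split(":")[-1], 16) ^ int(dst_mac.split(":")[-1], 16)
    h ^= int(ipaddress.ip_address(src_ip)) ^ int(ipaddress.ip_address(dst_ip))
    h ^= h >> 16
    h ^= h >> 8
    return h % links

def link_usage(frames):
    """Count frames per member link for (src_mac, dst_mac, src_ip, dst_ip) tuples."""
    return Counter(lag_member(*f) for f in frames)

# Constructed sample data: firewall MACs and documentation-range tunnel endpoints.
FW_A_MAC, FW_B_MAC = "00:00:5e:00:53:01", "00:00:5e:00:53:02"
TUNNEL_A, TUNNEL_B = "192.0.2.1", "198.51.100.1"

# Twenty inner flows: site A clients talking to one site B server.
inner_flows = [(f"10.1.0.{n}", "10.2.0.10") for n in range(1, 21)]

def frames_routed():
    """What the switches would see if inner IP headers were visible."""
    return [(FW_A_MAC, FW_B_MAC, s, d) for s, d in inner_flows]

def frames_tunnelled():
    """What the switches see with one VPN tunnel: identical outer headers."""
    return [(FW_A_MAC, FW_B_MAC, TUNNEL_A, TUNNEL_B) for _ in inner_flows]

if __name__ == "__main__":
    print("routed   :", dict(link_usage(frames_routed())))
    print("tunnelled:", dict(link_usage(frames_tunnelled())))
```

Under these assumptions the twenty inner flows split evenly across both links when their own addresses are hashed, while the same flows inside one tunnel all land on a single member link.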