Site to Site VPN load balancing across dual links

Mastering Compliance
Unveiling the power of Compliance Blade

WATCH NOW

SASE Masters:
Deploying Harmony SASE for a 6,000-Strong Workforce
in a Single Weekend

May the 4th (+4)
Navigating Paradigm Shifts in Cyber

CPX 2024 Content
is Here!

Get What You Need

Harmony SaaS
The most advanced prevention
for SaaS-based threats

LEARN MORE

CheckMates Go:
CPX 2024 Recap

LISTEN NOW

Create a Post

Hi everyone,

I have a VPN tunnel connecting 2 sites, where all traffic is routed over the tunnel. I just installed dual 100Mb links between the sites, which I would like to use as Active/Active. The service provider installed dual switches on each end, and combines the 2 links using LACP between the switches. I connect the firewalls with a single port to one switch at each site.

My concern is that since all traffic goes over a single VPN tunnel, the LACP will not load balance the traffic between the 2 lines, but will treat it all as one "session". How can I get the traffic to run over both links (and achieve aggregate throughput of 200Mb)?

My other idea was to connect 2 ports on each firewall, one to each line, and bond them together into a single interface, then let the Checkpoint handle the load balancing (using which mode settings?). Which method would work better?

See network diagram below:

15 KB