We are using a ClusterXL with two gateways (active/passive) that are running version R81.
From this cluster we have three S2S VPNs with third-party devices, created using domain VPN. For now we have only one route, through an L3 device that is connected to two lines and acts as a BGP partner with the two providers. In this scenario, if one circuit is down, the Check Point is still using the same public IP range and the VPN tunnels remain up.
We have to migrate to another solution with two ISPs connected to two different interfaces of the Check Point, with one dedicated public IP range per ISP.
I have been searching for hours through the different topics about how to fail over the VPN from one ISP to another, but I am completely lost.
From what I have read, Link Selection will not work with non-Check Point peers.
I was thinking of creating a static route toward the peer IP using ISP1 with higher priority, and adding IP reachability detection for the peer IP; then, if it fails, the secondary route will be used for the VPN. Is it possible to do it this way?
Thank you for your help.