VPN as a backup (routing config)

Mastering Compliance
Unveiling the power of Compliance Blade

WATCH NOW

SASE Masters:
Deploying Harmony SASE for a 6,000-Strong Workforce
in a Single Weekend

May the 4th (+4)
Navigating Paradigm Shifts in Cyber

CPX 2024 Content
is Here!

Get What You Need

Harmony SaaS
The most advanced prevention
for SaaS-based threats

LEARN MORE

CheckMates Go:
CPX 2024 Recap

LISTEN NOW

Create a Post

Hi guys,
I have a little conceptual trouble and I would like to ask you for advice.

I need to reach client URLs (for example client.com 15.0.0.15) using two ways:
MPLS (primary)
and
VPN Site to Site (backup - VPN has to be UP all the time)

Currently I have already configured VPN Site to Site and everything works.
I didn't add any static routes to reach 15.0.0.15. Default routing to the Internet has been already in placed and only domain encryption and security policies has been created.

Now Client delivered their own pre-configured router so I connected it to CheckPoint.

What should be next steps to complete configuration?
Of course I know that I should set static route to 15.0.0.15 trought interface which is connected to MPLS Client router..
but what will happen then with VPN?
Which way will have higher priority? VPN or MPLS?
How to switch traffic to VPN when Primary MPLS will have outage?
Maybe I should delete 15.0.0.15 from domain encryption to reach 15.0.0.15 IP trought MPLS?

I hope that I described clearly this scenario so I would be grateful for your help.
I have a R80.40 Cluster_XL