This website uses Cookies. Click Accept to agree to our website's cookie use as described in our Privacy Policy. Click Preferences to customize your cookie settings.
Accept
Reject
Preferences
ABOUT CHECKMATES CYBER SECURITY COMMUNITY & FAQ
Create a Post
Help
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

Are you a member of CheckMates?

×
Sign in with your Check Point UserCenter/PartnerMap account to access more great content and get a chance to win some Apple AirPods! If you don't have an account, create one now for free!
sanoj
Explorer
‎2023-04-26 08:45 AM

VPN link selection use 3main address

Hi,

we have 3ISP topology as external. One ISP link we have configure for vpn site to site.Already running 8 vpn tunnels. 

link selection we have manually selected that particular ISP from interface ip link.  

we have need to create new vpn with tunnel using another external ISP connection. We are not enabled isp redundancy. If we selected new interface in link selection existing vpns will down. 

Can anyone advice what will happen if we select vpn link selection Main Address? Any issues if configured 2ISP with these method? 

thank you!

 

 

0 Kudos
5 Replies
PhoneBoy
Admin
Admin
‎2023-04-26 05:22 PM

Main Address will always use the object IP for the VPN.
If you want the IP to change based on ISP used, ISP Redundancy must be enabled.

garrod
Contributor
‎2023-04-27 01:31 AM
In response to PhoneBoy

Hi PhoneBoy,

 

I remember got one scenario with some issues, where setup as 

<Multiple Router> - <Link Controller/Load Balancer> -Transit Link / Internal IP- <Check Point Gateway>

Where Check Point will only have one Link Selection option for NATed Public IP Address selection, if have multiple Public IP Address, we got any options to include multiple Public IP Address?

0 Kudos
PhoneBoy
Admin
Admin
‎2023-04-27 06:33 AM
In response to garrod

Unfortunately, you can only specify one IP in Link Selection currently.
This is something I believe we will address in an upcoming release.

the_rock
MVP Platinum
MVP Platinum
‎2023-04-27 06:55 AM
In response to PhoneBoy

I think that would be HUGE improvement, if it happens.

Best,
Andy
0 Kudos
the_rock
MVP Platinum
MVP Platinum
‎2023-04-26 05:53 PM

There is no issue doing it the way you said...Im sure thats how 99% of people do it, BUT, as Phoneboy said, if you want this to change based on ISP itself, then you have to use ISP redundancy. Important note, keep in mind that even IF you use ISPR, thats no guarantee if there is a failover, vpn tunnels will work, as other ends would need to know about the new external IP on CP side, so thats also something to keep in mind.

Best,
Andy

Leaderboard

Epsum factorial non deposit quid pro quo hic escorol.

View All ≫
Upcoming Events

    CheckMates Events