VPN problem in ISP redundancy scenario
Hi mates,
Our client has a WAN site with dual ISPs connecting to the Central Management Gateway. They want to implement ISP redundancy. In the event of a failover, the WAN site should establish a VPN connection over the secondary ISP to the central gateway. We've configured ISP redundancy using the Smart Console. However, during our failover tests (unplugging the cable or disabling the interface), while routing successfully switches to the second ISP, the VPN seems to encounter issues. The remote site indicates that the VPN is up, but the internal subnet behind the gateway cannot reach the central management internal IPs over the VPN.
The other point is, the central gateway is trying to establish the VPN with the failovered ISP's IP.
Thanks.
Hi,
If all VPN peers are Check Point and centrally managed, you may want to consider using our Quantum SD-WAN for overlay and VPN resiliency.
Yes, they are centrally managed. Maybe the customer can think about it; we already informed the customer about SD-WAN solutions. Quick question: can the customer test it on the current environment? As far as I know, SD-WAN runs on the Infinity Portal, but on the Infinity Portal I could not see any eval license option. How does a POC work on the Infinity Portal?
Of course it can be tested on the current environment; we just need to see if the environment has no known limitations with SD-WAN. Check it out here (https://support.checkpoint.com/results/sk/sk180605).
There is no need for a license for the Infinity Portal. Just create an account and connect the on-prem mgmt (I assume?) to the Infinity Portal (from the Infinity tab).
You just need to enable appi/urlf/vpn for that on all SD-WAN GWs.
If you need assistance with the POC/planning, feel free to contact me at amirar@checkpoint.com
