This website uses Cookies. Click Accept to agree to our website's cookie use as described in our Privacy Policy. Click Preferences to customize your cookie settings.
Accept
Reject
Preferences
ABOUT CHECKMATES CYBER SECURITY COMMUNITY & FAQ
Create a Post
Help
cancel
Turn on suggestions
Showing results for 
Search instead for 
Did you mean: 

Are you a member of CheckMates?

×
Sign in with your Check Point UserCenter/PartnerMap account to access more great content and get a chance to win some Apple AirPods! If you don't have an account, create one now for free!
starmen2000
Advisor
Advisor
‎2023-11-09 01:00 AM

VPN problem in ISP redundancy scenario

Hi mates,

 

Our client has a WAN site with dual ISPs connecting to the Central Management Gateway. They want to  implement ISP redundancy. In the event of a failover, the WAN site should establish a VPN connection over the secondary ISP to the central gateway. We've configured ISP redundancy using the Smart Console. However, during our failover tests (unplugging the cable or disabling the interface), while routing successfully switches to the second ISP, the VPN seems to encounter issues. The remote site indicates that the VPN is up, but the internal subnet behind the gateway cannot reach the central management internal IPs over the VPN.

Other point is, central gateway is trying to establish VPN with failovered ISP´s IP. 

 

Thnks.

0 Kudos
3 Replies
AmirArama
Employee
Employee
‎2023-11-09 01:52 AM

Hi,

if all VPN peers are Checkpoint & Centrally managed, you may want to consider using our Quantum SD-WAN for overlay and VPN resiliency. 

0 Kudos
starmen2000
Advisor
Advisor
‎2023-11-09 03:15 AM
In response to AmirArama

Yes, they are centrally managed. Maybe customer can think about it, we alredy informed the customer about sd-wan solutions. Quick question, can customer test it on current environment. As I know, Sd-wan runs on inifinity portal, but on infinity portal I could not see any eval license option. How it works POC on infinity portal?

0 Kudos
AmirArama
Employee
Employee
‎2023-11-09 03:41 AM
In response to starmen2000

of course it can be tested on current environment, we just need to see if the env has no known limitations with SD-WAN. check it out here (https://support.checkpoint.com/results/sk/sk180605)

there is no need for license for the infinity portal. just create account, connect on prem mgmt (i assume?) to the infinity (from the infinity tab).

you just need to enable appi/urlf/vpn for that on all SD-WAN GWs.

if you need assistance in the POC/planning, feel free to contact me at amirar@checkpoint.com

 

0 Kudos

Leaderboard

Epsum factorial non deposit quid pro quo hic escorol.

View All ≫
Upcoming Events

    Sort by:
    CheckMates Events
    Top