Hi checkmates,
I want to configure route redundancy for a specific static route, where the next hop should be an upstream VPN gateway as the priority 1 path and a directly connected router as the priority 2 path.
The priority 2 route should become active when the vpn goes down.
From my understanding, the default nexthop ping monitoring would make no sense, since the priority 1 nexthop (the upstream VPN gateway) would still be active in case of a VPN breakdown.
My idea is to create a dedicated IP on the upstream VPN gateway which is then DNATed to a VPN-internal remote IP.
This IP should be monitored from the Check Point, and if it is not reachable, the failover (priority 2) route should be activated.
# monitored nexthop, will be DNATed on the upstream vpn gateway to internal vpn endpoint
set static-route 1.25.93.1/32 nexthop gateway address 1.1.1.100 on
# failover to priority 2 nexthop, failback to priority 1 nexthop once monitored ip becomes up again
set static-route 1.25.80.0/20 nexthop gateway address 1.1.1.4 priority 1 on
set static-route 1.25.80.0/20 nexthop gateway address 1.2.1.4 priority 2 on
I am on R80.30 and have read about BFD using ICMP ping, which would be a possibility, but there's not much info on this.
Also, do I have to add one route with two gateways and different priorities, or two separate identical routes, each with its own gateway and a different priority?
Can someone help me with this?
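The following is an added example, not part of the original post and not a Check Point feature. It implements the monitoring idea described above as a small expert-mode bash script for Gaia: it pings the DNATed probe address (1.25.93.1, reached via the /32 route to 1.1.1.100 from the post) and, after a configurable number of consecutive failures, removes the priority 1 nexthop (1.1.1.4) from the 1.25.80.0/20 route with `clish -c`, leaving the priority 2 nexthop (1.2.1.4) as the only path; when the probe answers again it re-adds the priority 1 nexthop. Everything beyond the route and address values quoted from the post is an assumption: the script name, the state-file paths, the failure threshold, the choice to toggle the nexthop with `on`/`off` instead of relying on Gaia's built-in nexthop ping, and the use of `lock database override` and `save config` around the change. The `PING` and `CLISH` variables exist so the logic can be exercised without a Gaia box.

```shell
#!/bin/bash
# route-failover.sh (hypothetical helper, assumed to run from expert-mode cron on Gaia;
# not Check Point code). Probes a DNATed address behind the VPN and toggles the
# priority 1 nexthop of a static route so that the priority 2 nexthop takes over.
set -eu

MONITORED_IP="${MONITORED_IP:-1.25.93.1}"      # DNATed probe IP on the upstream VPN gateway (from the post)
ROUTE="${ROUTE:-1.25.80.0/20}"                 # route whose priority 1 nexthop is toggled (from the post)
PRIMARY_NH="${PRIMARY_NH:-1.1.1.4}"            # priority 1 nexthop (from the post)
FAIL_THRESHOLD="${FAIL_THRESHOLD:-3}"          # assumed: consecutive failed probes before failing over
STATE_FILE="${STATE_FILE:-/var/tmp/route-failover.state}"   # assumed path: last nexthop state applied
FAIL_FILE="${FAIL_FILE:-/var/tmp/route-failover.fails}"     # assumed path: consecutive failure counter
PING="${PING:-ping}"                           # overridable for offline testing
CLISH="${CLISH:-clish}"                        # overridable for offline testing

# Returns 0 if any of three ICMP echo requests (2 s timeout each) is answered.
probe_monitored_ip() {
  "$PING" -c 3 -W 2 "$MONITORED_IP" >/dev/null 2>&1
}

# Builds the clish command for the requested nexthop state ("on" re-adds the
# priority 1 nexthop, "off" removes it). Kept separate so it can be checked
# without applying it.
nexthop_command() {
  case "$1" in
    on)  printf 'set static-route %s nexthop gateway address %s priority 1 on\n' "$ROUTE" "$PRIMARY_NH" ;;
    off) printf 'set static-route %s nexthop gateway address %s off\n' "$ROUTE" "$PRIMARY_NH" ;;
    *)   return 1 ;;
  esac
}

# Applies a nexthop state only if it differs from the last one applied, so a
# stable condition never causes repeated configuration writes. With no state
# file the nexthop is assumed to be configured "on", as in the post.
apply_state() {
  want="$1"
  have=$(cat "$STATE_FILE" 2>/dev/null || echo on)
  if [ "$want" = "$have" ]; then
    return 0
  fi
  "$CLISH" -c "lock database override"
  "$CLISH" -c "$(nexthop_command "$want")"
  "$CLISH" -c "save config"
  echo "$want" > "$STATE_FILE"
}

# One monitoring cycle: recover immediately on a successful probe, fail over
# only after FAIL_THRESHOLD consecutive failures (hysteresis against flapping).
failover_check() {
  if probe_monitored_ip; then
    echo 0 > "$FAIL_FILE"
    apply_state on
  else
    fails=$(( $(cat "$FAIL_FILE" 2>/dev/null || echo 0) + 1 ))
    echo "$fails" > "$FAIL_FILE"
    if [ "$fails" -ge "$FAIL_THRESHOLD" ]; then
      apply_state off
    fi
  fi
  return 0
}

# Only act when invoked as "route-failover.sh run" (e.g. from cron every minute).
case "${1:-}" in
  run) failover_check ;;
esac
```

With a cron line such as `* * * * * /home/admin/route-failover.sh run` (assumed path) the route fails over within roughly FAIL_THRESHOLD minutes of the probe going silent and fails back on the first successful probe. Before relying on it, confirm on a lab gateway with `show route` that removing the priority 1 nexthop with `off` really leaves 1.2.1.4 as the active path, and that the /32 route to the probe address stays in place so the probe itself is never routed via the priority 2 path.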