AnsweredAssumed Answered

Redundant Site to Site VPNs

Question asked by Rodrigo Castellanos on Apr 19, 2018
Latest reply on Aug 23, 2018 by Rodrigo Castellanos

Has anyone been able to set this up between Check Point and third party devices ? Its Palo Alto in this case. And I will be using different public IPs on local and remote peers. 

 

Do I create a new community with the secondary Peer IP Address? Or add a gateway to the existing community ? What happens with routes (I added another route with higher metric for secondary IP peer)? How does Check Point disable the primary route so the secondary route kicks in if the primary VPN tunnel does down ?

 

I know Palo has something that monitors an IP and if it goes down it disables the primary interface so seconday kicks in. Im just wondering whats the best way to do this on my Check Point side.

Outcomes