I hope you are doing fine.
I started working as a Check Point admin of a large corporation, and my first challenge is to migrate our Remote Access VPN from one vendor that we are currently using to the Check Point Remote Access VPN solution. I have implemented Remote Access VPNs in simple environments with a single gateway and Management server, but I now have to implement it in a much more complex environment, that's why I need a hand. The diagram below gives a high-level overview of our infrastructure.
Based on the diagram above, I would like to have your help with regard to the following questions:
1. Do I have to buy remote access VPN (mobile access) for both clusters (Internal and External)? If yes, why? If not, why?
2. Since the clusters are operating in Load-sharing unicast, do I have to activate Sticky Decision Function in cluster properties? If yes, why? If no, why?
3. Should Sticky Decision Function be activated on both clusters (Internal and External)? If yes, why? If no, why?
4. Is there any documentation or SK you would recommend for implementation of Remote Access VPN in a similar environment? Or maybe share your experience if you have worked on a similar environment.