- Products
- Learn
- Local User Groups
- Partners
- More
Check Point Jump-Start Online Training
Now Available on CheckMates for Beginners!
Welcome to Maestro Masters!
Talk to Masters, Engage with Masters, Be a Maestro Master!
ZTNA Buyer’s Guide
Zero Trust essentials for your most valuable assets
The SMB Cyber Master
Boost your knowledge on Quantum Spark SMB gateways!
Check Point's Cyber Park is Now Open
Let the Games Begin!
As YOU DESERVE THE BEST SECURITY
Upgrade to our latest GA Jumbo
CheckFlix!
All Videos In One Space
Hi there,
We have a VSX cluster currently running on version R80.30. We have a requirement to migrate the external IP range to a new subnet (within a different part of the same larger IP address block so we have full control over routing within that block etc). However, we have multiple VPNs terminating on some of the virtual firewalls. I notice that in R81.10, Loopback interfaces are supported on VSX for Dynamic Routing over VPNs, however does anybody know if these could be used (and it is a supported configuration) as the source interface of a standard policy based site to site VPN? (Obviously we would need to add /32 routes externally for the old external address that was then migrated to the loopback).
Thanks,
John M
Wow, thats super interesting question...I would be curious to know as well. Personally, I never heard of something like that being supported.
I've seen dummy DMZ interfaces used for similar in the past, but not tested this approach as yet myself.
Suggest requesting a formal answer via TAC or your SE.
What matters is the IP address you configure for Link Selection, which I assume could be that loopback address.
About CheckMates
Learn Check Point
Advanced Learning
YOU DESERVE THE BEST SECURITY