This website uses cookies. By clicking Accept, you consent to the use of cookies. Click Here to learn more about how we use cookies.
Accept
Reject
ABOUT CHECKMATES & FAQ
Create a Post
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Help

Are you a member of CheckMates?

×
Sign in with your Check Point UserCenter/PartnerMap account to access more great content and get a chance to win some Apple AirPods! If you don't have an account, create one now for free!
manny799
Explorer
‎2022-03-11 07:46 AM

Can Loopback be Used as a VPN Source on VSX?

Hi there,

We have a VSX cluster currently running on version R80.30. We have a requirement to migrate the external IP range to a new subnet (within a different part of the same larger IP address block so we have full control over routing within that block etc). However, we have multiple VPNs terminating on some of the virtual firewalls. I notice that in R81.10, Loopback interfaces are supported on VSX for Dynamic Routing over VPNs, however does anybody know if these could be used (and it is a supported configuration) as the source interface of a standard policy based site to site VPN? (Obviously we would need to add /32 routes externally for the old external address that was then migrated to the loopback).

Thanks,

John M

0 Kudos
3 Replies
the_rock
Champion
Champion
‎2022-03-11 10:43 AM

Wow, thats super interesting question...I would be curious to know as well. Personally, I never heard of something like that being supported.

0 Kudos
Chris_Atkinson
Employee
Employee
‎2022-03-11 06:12 PM

I've seen dummy DMZ interfaces used for similar in the past, but not tested this approach as yet myself.

Suggest requesting a formal answer via TAC or your SE.

0 Kudos
PhoneBoy
Admin
Admin
‎2022-03-13 06:38 AM

What matters is the IP address you configure for Link Selection, which I assume could be that loopback address.

0 Kudos