MardoqueoRob
Contributor

ISP redundancy with Gaia routes with external host monitoring with IP Reachability Detection

Hello Everyone,

I have a situation to see if you can support me with your experience.

Objective: have two redundant links (active/backup) through Gaia; backup traffic returns to the primary link when it recovers.

Internet provider ISP 1 (eth0)
Internet provider ISP 2 (eth2)
1.1.1.1 dns (cloudflare)

eth0
inet addr:192.168.240.8 Bcast:192.168.240.255 Mask:255.255.255.0

eth2
inet addr:192.168.230.22 Bcast:192.168.230.255 Mask:255.255.255.0

Static route to the two ISP gateways: traffic egress priority is 192.168.240.253, with 192.168.230.253 as backup.

Config on Gaia CLI:

set ip-reachability-detection ping address 1.1.1.1 enable-ping on
set static-route default nexthop gateway address 192.168.230.253 priority 2 on
set static-route default nexthop gateway address 192.168.240.253 priority 1 on
set static-route default nexthop gateway address 192.168.240.253 monitored-ip 1.1.1.1 on
set static-route default nexthop gateway address 192.168.240.253 monitored-ip-option fail-any
set static-route 1.1.1.1/32 nexthop gateway logical eth0 priority 1 on

The gateway 192.168.240.253 is monitoring the IP 1.1.1.1; when it stops responding, the traffic changes to ISP2, 192.168.230.253.

The monitoring of 1.1.1.1 is done through eth0, which is ISP1. So far everything works perfectly, and if it fails it switches automatically to ISP2.

*** I require that when the primary ISP link recovers, the traffic changes to my primary ISP with priority 1. How could this be configured? I've tried several ways but I can't get it to work.

*Using ISP redundancy in SmartConsole is not an option because I need to divide the traffic with PBR in Gaia.

0 Kudos
3 Replies
PhoneBoy
Admin

This SK suggests a slightly different configuration is necessary: https://support.checkpoint.com/results/sk/sk156812 

AmirArama
Employee

Do you mean you would like to move all the existing connections from ISP-2 back to ISP-1? That's mostly not technically feasible, since the source IP will change.

But new connections should flow successfully from ISP-1 once it's back.
*Make sure that the default route changed back to ISP-1.

0 Kudos
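
One way to carry out the check suggested in the reply above (confirming that the default route has moved back to ISP-1), as an added example that is not part of the thread or Check Point's own tooling. The function names and the sample route tables are constructed for illustration, and it assumes the kernel routing table is read with `ip route show` from a shell on the gateway.

```shell
#!/bin/sh
# Added example; gateway addresses are the ones in the post.
PRIMARY_GW="192.168.240.253"   # ISP1 via eth0, priority 1
BACKUP_GW="192.168.230.253"    # ISP2 via eth2, priority 2

# Read `ip route show` text on stdin and print the next hop of the default
# route with the lowest metric (a route without a metric counts as 0).
active_default_gw() {
    awk '
        $1 == "default" {
            gw = ""; metric = 0
            for (i = 2; i < NF; i++) {
                if ($i == "via")    gw = $(i + 1)
                if ($i == "metric") metric = $(i + 1) + 0
            }
            if (gw != "" && (best == "" || metric < bestmetric)) {
                best = gw; bestmetric = metric
            }
        }
        END { if (best != "") print best }
    '
}

# Classify the active default route: PRIMARY, BACKUP, NONE or UNKNOWN:<gw>.
isp_state() {
    gw=$(active_default_gw)
    case "$gw" in
        "$PRIMARY_GW") echo "PRIMARY" ;;
        "$BACKUP_GW")  echo "BACKUP" ;;
        "")            echo "NONE" ;;
        *)             echo "UNKNOWN:$gw" ;;
    esac
}

# Constructed sample route tables (not captured from a real gateway).
SAMPLE_FAILED_OVER='default via 192.168.230.253 dev eth2
1.1.1.1 dev eth0 scope link
192.168.230.0/24 dev eth2 proto kernel scope link src 192.168.230.22
192.168.240.0/24 dev eth0 proto kernel scope link src 192.168.240.8'

SAMPLE_RECOVERED='default via 192.168.240.253 dev eth0
1.1.1.1 dev eth0 scope link
192.168.230.0/24 dev eth2 proto kernel scope link src 192.168.230.22
192.168.240.0/24 dev eth0 proto kernel scope link src 192.168.240.8'

printf '%s\n' "$SAMPLE_FAILED_OVER" | isp_state   # BACKUP
printf '%s\n' "$SAMPLE_RECOVERED"   | isp_state   # PRIMARY
# Live check: ip route show | isp_state
```

Run periodically, a result that stays at BACKUP after the monitored address 1.1.1.1 answers again through eth0 indicates the failback described in the question has not happened.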
the_rock
Legend

I remember following the SK PhoneBoy gave last year and it worked fine.

Andy

0 Kudos
