Create a Post
cancel
Showing results for 
Search instead for 
Did you mean: 
starmen2000
Collaborator
Collaborator

VPN problem in ISP redundancy scenario

Hi mates,

 

Our client has a WAN site with dual ISPs connecting to the Central Management Gateway. They want to  implement ISP redundancy. In the event of a failover, the WAN site should establish a VPN connection over the secondary ISP to the central gateway. We've configured ISP redundancy using the Smart Console. However, during our failover tests (unplugging the cable or disabling the interface), while routing successfully switches to the second ISP, the VPN seems to encounter issues. The remote site indicates that the VPN is up, but the internal subnet behind the gateway cannot reach the central management internal IPs over the VPN.

Other point is, central gateway is trying to establish VPN with failovered ISP´s IP. 

 

Thnks.

0 Kudos
3 Replies
AmirArama
Employee
Employee

Hi,

if all VPN peers are Checkpoint & Centrally managed, you may want to consider using our Quantum SD-WAN for overlay and VPN resiliency. 

0 Kudos
starmen2000
Collaborator
Collaborator

Yes, they are centrally managed. Maybe customer can think about it, we alredy informed the customer about sd-wan solutions. Quick question, can customer test it on current environment. As I know, Sd-wan runs on inifinity portal, but on infinity portal I could not see any eval license option. How it works POC on infinity portal?

0 Kudos
AmirArama
Employee
Employee

of course it can be tested on current environment, we just need to see if the env has no known limitations with SD-WAN. check it out here (https://support.checkpoint.com/results/sk/sk180605)

there is no need for license for the infinity portal. just create account, connect on prem mgmt (i assume?) to the infinity (from the infinity tab).

you just need to enable appi/urlf/vpn for that on all SD-WAN GWs.

if you need assistance in the POC/planning, feel free to contact me at amirar@checkpoint.com

 

0 Kudos

Leaderboard

Epsum factorial non deposit quid pro quo hic escorol.

Upcoming Events

    Tue 23 Apr 2024 @ 11:00 AM (EDT)

    East US: What's New in R82

    Thu 25 Apr 2024 @ 11:00 AM (SGT)

    APAC: CPX 2024 Recap

    Tue 30 Apr 2024 @ 03:00 PM (CDT)

    EMEA: CPX 2024 Recap

    Thu 02 May 2024 @ 11:00 AM (SGT)

    APAC: What's new in R82

    Tue 23 Apr 2024 @ 11:00 AM (EDT)

    East US: What's New in R82

    Thu 25 Apr 2024 @ 11:00 AM (SGT)

    APAC: CPX 2024 Recap

    Tue 30 Apr 2024 @ 03:00 PM (CDT)

    EMEA: CPX 2024 Recap

    Thu 02 May 2024 @ 11:00 AM (SGT)

    APAC: What's new in R82
    CheckMates Events