ISP Redundancy and VPN
|
Note - ISP Redundancy settings override the VPN Link Selection settings. |
When ISP Redundancy is enabled, VPN encrypted connections survive a failure of an ISP link.
The settings in the ISP Redundancy page override settings in the IPsec VPN > Link Selection page.


If the VPN peer is not a Check Point Security Gateway, the VPN may fail, or the third-party device may continue to encrypt traffic to a failed ISP link.
-
Make sure the third-party VPN peer recognizes encrypted traffic from the secondary ISP link as coming from the Check Point cluster
Two or more Security Gateways that work together in a redundant configuration - High Availability, or Load Sharing..
-
Change the configuration of ISP Redundancy to not use these Check Point technologies:
-
Use Probing - Makes sure that Link Selection uses another option.
-
The options Load Sharing, Service Based Link Selection, and Route based probing work only on Check Point Security Gateways and Clusters.
If used, the Security Gateway or Cluster Members use one link to connect to the third-party VPN peer.
The link with the highest prefix length and lowest metric is used.
-