Support for Multiple External IP Addresses
A common use case is a branch office
with more than one Internet link. In case your branch office site
has more than one Internet link, repeat the steps above in order
to create another site.
At the Router Details page, the External
IP should represent the other IP address of your branch office site.
This
IP must be static and accessible from the Internet. You can track
Check Point’s updates regarding support of other topologies at this
User Community thread.
At the Site Details page,
the Location of the cloud service should
be a different location than the one defined at the original site
object. This is because of a technical limitation at the Check Point
side. In this case, typically you would want to select the location
of the cloud service with an option that is the second-closest to
the location of your site, in order to achieve the best performance.
After your other Site is
ready, get the IPsec configuration properties, pre-shared
key, tunnel addresses, and the traffic
routes by viewing the instructions.
Technically, that would mean that one of the Internet
links will have 2 redundant IPsec tunnels served in a location closest
to the branch, while the other Internet link will have 2 tunnels
at the second-closest location to the branch.
Check Point can modify the internal configuration so that each
Internet link would get one tunnel at the closest location and one
tunnel at the second-closest location, therefore having good performance
on both outbound interfaces.
In order to have that enabled, please open a support ticket at
Check Point.
Subject of the ticket should be Please
change the internal configuration of my IPsec tunnels.
Product should be set to Network
Security as a Service.
Description should include:
This practice can be repeated for more than two external IP addresses
per branch office site.
For the remainder of this guide, we will assume one external
IP address, as this process can easily be repeated for each additional
tunnel.
