: Support for Multiple External IP Addresses
Focus
Focus

Support for Multiple External IP Addresses

Table of Contents

Support for Multiple External IP Addresses

A common use case is a branch office with more than one Internet link. In case your branch office site has more than one Internet link, repeat the steps above in order to create another site.
  • At the Router Details page, the External IP should represent the other IP address of your branch office site.
    This IP must be static and accessible from the Internet. You can track Check Point’s updates regarding support of other topologies at this User Community thread.
  • At the
    Site Details
    page, the
    Location of the cloud service
    should be a different location than the one defined at the original site object. This is because of a technical limitation at the Check Point side. In this case, typically you would want to select the location of the cloud service with an option that is the second-closest to the location of your site, in order to achieve the best performance.
  • After your other
    Site
    is ready, get the
    IPsec configuration properties
    ,
    pre-shared key
    ,
    tunnel addresses
    , and the
    traffic routes
    by viewing the instructions.
Technically, that would mean that one of the Internet links will have 2 redundant IPsec tunnels served in a location closest to the branch, while the other Internet link will have 2 tunnels at the second-closest location to the branch.
Check Point can modify the internal configuration so that each Internet link would get one tunnel at the closest location and one tunnel at the second-closest location, therefore having good performance on both outbound interfaces.
In order to have that enabled, please open a support ticket at Check Point.
  • Subject
    of the ticket should be
    Please change the internal configuration of my IPsec tunnels
    .
  • Product
    should be set to
    Network Security as a Service
    .
  • Description
    should include:
    • Your account name at Check Point Infinity Portal.
    • The names of the 2 or more sites that represent the same branch office.
This practice can be repeated for more than two external IP addresses per branch office site.
For the remainder of this guide, we will assume one external IP address, as this process can easily be repeated for each additional tunnel.

Recommended For You