CPUG: The Check Point User Group

Resources for the Check Point Community, by the Check Point Community.

First, I hope you're all well and staying safe.
Second, I want to give a "heads up" that you should see more activity here shortly, and maybe a few cosmetic changes.
I'll post more details to the "Announcements" forum soon, so be on the lookout. -E


Results 1 to 2 of 2

Thread: ISP Redundancy R75.20 and cpisp_update

  1. #1
    Join Date
    Hong Kong
    Rep Power

    Default ISP Redundancy R75.20 and cpisp_update

    Dear all,

    I'm trying to configure ISP redundancy in a lab in primary/backup config on R75.20 splat's.

    As far as i see it everything is configured correctly according to the documentation from CP, my question is, there is a lot of reference to cpisp_update scripts, which i can see on both gateways with ISP redundancy configured, but i am not clear on whether or not there is anything i need to configure within this script in order to make the redundancy work off the bat. I've read the comments, and the pdf's from CP but cannot see how it relates to a basic configuration such as the one i'm looking at.

    The documentation specifies in order for this to work:

    a)The script "cpisp_update" must be present (it is)

    b) The gateway must be configured for dynamic IP resolution (not sure what they mean here? is this only required if you are dealing with dns for incoming service requests http, mail etc)

    c) In a Primary/Backup configuration, the interface connected to the primary ISP must be defined as the Primary IP. (it is)

    So far i've tested by disconnecting the primary connection, and internet access does not failover, there is a message in the tracker on the affected gateway that the link is down, but the default route appears not to be changed.

    Before i troubleshoot in more depth - would be great if someone can clarify the above re cpisp_update.

    Thanks for any guidance - and if you need any further info please let me know.



  2. #2
    Join Date
    Hong Kong
    Rep Power

    Default Re: ISP Redundancy R75.20 and cpisp_update

    I am something of a bozo: sk61692 "Troubleshooting ISP Redundancy" helped me here, should have seen it sooner.

    1. there seems to be no need to fiddle with cpisp_update unless you are using site to site VPN's were you need to rearrange NAT after a failover, or other more complex scenarios (i am doing this but have yet to tackle that aspect).

    2. My issue was with the hosts i was using to monitor if the links were down in the gateway object in the policy:.


    4. ISP link > Advanced (On each link)

    *Do NOT define the same object on both links.
    [Doing so will cause failover to not occur.]

    Thanks for reading regardless.

Similar Threads

  1. Replies: 2
    Last Post: 2011-08-11, 10:15
  2. 3rd ISP in ISP Redundancy
    By edb105 in forum ISP Redundancy
    Replies: 1
    Last Post: 2008-02-06, 21:07
  3. ISP Redundancy
    By ppawlo in forum IPsec VPN Blade (Virtual Private Networks)
    Replies: 0
    Last Post: 2007-06-20, 13:29
  4. Force one ISP with ISP REDUNDANCY
    By Porter in forum ISP Redundancy
    Replies: 7
    Last Post: 2007-05-16, 09:23
  5. ISP Redundancy
    By jchilders1 in forum ISP Redundancy
    Replies: 0
    Last Post: 2005-10-10, 14:26

Tags for this Thread


Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts