CPUG: The Check Point User Group

Resources for the Check Point Community, by the Check Point Community.


Tim Hall has done it again! He has just released the 2nd edition of "Max Power".
Rather than get into details here, I urge you to check out this announcement post.
It's a massive upgrade, and well worth checking out. -E

 

Results 1 to 2 of 2

Thread: Bandwidth reservation for site to site IPSec VPN

  1. #1
    Join Date
    2018-06-13
    Posts
    1
    Rep Power
    0

    Default Bandwidth reservation for site to site IPSec VPN

    Hi, is there a way to configure the dedicated bandwidth for the IPSec site to site VPN connection? Users are experiencing the sluggish connection issue over the VPN tunnel.

    Thank you in advance for the answer,

  2. #2
    Join Date
    2009-04-30
    Location
    Colorado, USA
    Posts
    2,224
    Rep Power
    13

    Default Re: Bandwidth reservation for site to site IPSec VPN

    Quote Originally Posted by Yorkland View Post
    Hi, is there a way to configure the dedicated bandwidth for the IPSec site to site VPN connection? Users are experiencing the sluggish connection issue over the VPN tunnel.

    Thank you in advance for the answer,
    Yes, but you'll have to enable the QoS blade on your firewall and assign a QoS policy. In the Action field of the QoS policy rule you can define a bandwidth guarantee, and there is also another checkbox called "Apply rule only to encrypted traffic" you'll need to set to ensure the guarantee only applies to encrypted traffic. Just be sure to correctly define the Internet bandwidth on the external firewall interface's topology, and not get carried away with the size of the guarantee as it can slow all other non-guaranteed traffic to a crawl if it is too large. Also consider perhaps using Weighted Fair Queueing instead to prioritize VPN traffic but still giving other traffic a reasonable amount of bandwidth.
    --
    Second Edition of my "Max Power" Firewall Book
    Now Available at http://www.maxpowerfirewalls.com

Similar Threads

  1. TCP/UDP connections fail through Site-to-Site IPSec VPN - Check Point 1100
    By DawidK in forum Check Point Series 80/1100 Appliances
    Replies: 4
    Last Post: 2015-12-09, 10:24
  2. Will changing gateway IP break site-to-site IPSec VPNs?
    By Surge in forum IPsec VPN Blade (Virtual Private Networks)
    Replies: 4
    Last Post: 2014-02-14, 06:50
  3. Checkpoint 4600 To Cisco 5505 ASA Site to Site IPSec Help
    By jg93635 in forum IPsec VPN Blade (Virtual Private Networks)
    Replies: 3
    Last Post: 2013-08-21, 17:37
  4. IPSEC Site to Site Tunnels Stop Passing Traffic
    By dhrehor in forum IPsec VPN Blade (Virtual Private Networks)
    Replies: 2
    Last Post: 2013-05-02, 03:59
  5. one way tunnel? Site-to-site IPSec, Cisco router to R71
    By dfriedl in forum IPsec VPN Blade (Virtual Private Networks)
    Replies: 7
    Last Post: 2011-01-13, 22:33

Bookmarks

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •