GCP HA VPN with Check Point

JatiIndrawan2 · 12-08-2023 06:58 PM

Hi, I have condition that onpremise data center team change the firewall from Cisco ASA and Checkpoint.
Previously Cloud HA VPN setup already established between Cisco ASA and GCP HA VPN.
But after they change the Firewall to Checkpoint, the tunnel is up but the BGP is down. Is there any one have experience of that?
And i also cannot find any document proven that Checkpoint support HA VPN to GCP HA VPN. I only can find that checkpoint can established to simple cloud VPN with BGP.

Meanwhile creation Classic Cloud VPN and HA VPN is different also. so i am not sure checkpoint can support this.

Marvin_Lucero

Hi @JatiIndrawan2 ,

One way to determine if this Checkpoint HA VPN and GCP HA VPN is by checking the logs. You can utilize GCP's log explorer and use VPN queries to check where the problem is. You can also check the VPN logs of Checkpoint on the other hand and try to compare it with GCP's. I understand that there were no official or public documentations regarding HA VPN for both GCP and Checkpoint, but the idea of Checkpoint having Vendor-specific notes with GCP documentations implies that it can somehow work.

JatiIndrawan2

Hi All, after sometimes i want to update the case. This is related new checkpoint software bug. It happen on new Checkpoint Hardware with Cluster active - active. The other way to solve this is create new different VPN per interface on GCP and Checkpoint as single VPN