troubleshooting Question

Checkpoint external IP change

Avatar of paulbelsham
paulbelshamFlag for United Kingdom of Great Britain and Northern Ireland asked on
VPNSoftware FirewallsHardware Firewalls
10 Comments1 Solution2547 ViewsLast Modified:
Hi All
I am working with a number of checkpoint firewalls connected together over an IPSEC VPN.
We will be moving over to a new ISP soon so will need to change external IP address of the London firewall.  Our security management server is located behind this gateway and is NATed through for policy push\fetch.

If I change the external IP of the london firewall (along with the IP the SMS is NATed to) will the policy push out to all other gateways ok and also will the VPN tunnels come up?

The process I was going to use is
1.connect to london firewall and change external IP address, gateway dns etc...and wire it into the new connection
2. open the smart dashboard and run a get interfaces with topology to download this new change, also change the gateway ip address if not already done.
3.modify nat rules to reflect new IP range.
4. push policy to london firewall first, then push to all other gateways

My main concern is that the VPN tunnels wont reestablish to London, or the policy wont push.
Has anyone ever done this or am I missing a step somewhere?


Our community of experts have been thoroughly vetted for their expertise and industry experience.

Join our community to see this answer!
Unlock 1 Answer and 10 Comments.
Start Free Trial
Learn from the best

Network and collaborate with thousands of CTOs, CISOs, and IT Pros rooting for you and your success.

Andrew Hancock - VMware vExpert
See if this solution works for you by signing up for a 7 day free trial.
Unlock 1 Answer and 10 Comments.
Try for 7 days

”The time we save is the biggest benefit of E-E to our team. What could take multiple guys 2 hours or more each to find is accessed in around 15 minutes on Experts Exchange.

-Mike Kapnisakis, Warner Bros