https://community.checkpoint.com/t5/General-Topics/Is-this-a-common-proven-VPN-Routing-setup-using-vpn-route-conf/m-p/10999#M1595 <HTML><HEAD></HEAD><BODY><P>Hi all,</P><P>I searched for the right place asking this, nothing was 100% suitable, hope this place is not too wrong.</P><P><BR />My question is basically about vpn routing. I uploaded a topology picture of the current setup and the target setup.<BR />I think I put all the necessary information inside, nonetheless, below few words about it <span class="lia-unicode-emoji" title=":slightly_smiling_face:">🙂</span></P><P></P><P></P><P><SPAN style="text-decoration: underline;">The final target is like:</SPAN></P><UL><LI>Communication between Site-Z and Site-D, E &amp; F should be unencrypted but still inspected by the firewalls using dedicated private line</LI><LI>Site-D is acting as hub for Site-E &amp; F to reach Site-Z</LI><LI>Site-D itself is communicating as well to Size-Z using the private line</LI><LI>Private line is transparent to the SGWs. They just need to sent the traffic to the corresponding site RTR.</LI></UL><P></P><P><SPAN style="text-decoration: underline;">Current plannning:</SPAN></P><UL><LI>Remove Site-D, E &amp; F from Star VPN Community</LI><LI>Using vpn_route.conf to promote FW_SiteD as Hub GW for Site-E &amp; F</LI><LI>Set some static routes on FW_SiteD to route traffic from Site-D, E &amp; F through private line to Site-Z</LI><LI>Set some static routes on FW_SiteZ to route traffic from Site-Z through private line to Site-D, E &amp; F</LI></UL><P><BR />I tested this already in a lab and it´s working fine so far.<BR />My question to you, is this a common / proven way to achieve the&nbsp;target scenario? Or did i missed something / are there better ways to do?<BR />I´m wondering if there is another way which is more, let´s say, "visible"?</P><P>I appreciate any kind of feedback, especially on any real world experience on this kind of setup.</P><P></P><P>Regards</P><P>Rick</P></BODY></HTML> Mon, 29 Oct 2018 16:49:37 GMT Rick_Ther 2018-10-29T16:49:37Z https://community.checkpoint.com/t5/General-Topics/Is-this-a-common-proven-VPN-Routing-setup-using-vpn-route-conf/m-p/10999#M1595 <HTML><HEAD></HEAD><BODY><P>Hi all,</P><P>I searched for the right place asking this, nothing was 100% suitable, hope this place is not too wrong.</P><P><BR />My question is basically about vpn routing. I uploaded a topology picture of the current setup and the target setup.<BR />I think I put all the necessary information inside, nonetheless, below few words about it <span class="lia-unicode-emoji" title=":slightly_smiling_face:">🙂</span></P><P></P><P></P><P><SPAN style="text-decoration: underline;">The final target is like:</SPAN></P><UL><LI>Communication between Site-Z and Site-D, E &amp; F should be unencrypted but still inspected by the firewalls using dedicated private line</LI><LI>Site-D is acting as hub for Site-E &amp; F to reach Site-Z</LI><LI>Site-D itself is communicating as well to Size-Z using the private line</LI><LI>Private line is transparent to the SGWs. They just need to sent the traffic to the corresponding site RTR.</LI></UL><P></P><P><SPAN style="text-decoration: underline;">Current plannning:</SPAN></P><UL><LI>Remove Site-D, E &amp; F from Star VPN Community</LI><LI>Using vpn_route.conf to promote FW_SiteD as Hub GW for Site-E &amp; F</LI><LI>Set some static routes on FW_SiteD to route traffic from Site-D, E &amp; F through private line to Site-Z</LI><LI>Set some static routes on FW_SiteZ to route traffic from Site-Z through private line to Site-D, E &amp; F</LI></UL><P><BR />I tested this already in a lab and it´s working fine so far.<BR />My question to you, is this a common / proven way to achieve the&nbsp;target scenario? Or did i missed something / are there better ways to do?<BR />I´m wondering if there is another way which is more, let´s say, "visible"?</P><P>I appreciate any kind of feedback, especially on any real world experience on this kind of setup.</P><P></P><P>Regards</P><P>Rick</P></BODY></HTML> Mon, 29 Oct 2018 16:49:37 GMT https://community.checkpoint.com/t5/General-Topics/Is-this-a-common-proven-VPN-Routing-setup-using-vpn-route-conf/m-p/10999#M1595 Rick_Ther 2018-10-29T16:49:37Z