shauls
Explorer

IPSec VPN between CheckPoint and Prisma Access

Hey guys,

I was asked to make a test in which I will route all internet traffic from a specific subnet (for example 10.10.10.0/24) to Prisma Access.

I configured the necessary part in Prisma Access Remote Networks IPSec VPN, but what are my options in order to do this in Check Point?

I was thinking of making a VPN community in which the VPN Domain will be 0.0.0.0/0, excluding RFC1918 addresses and the CGNAT address range.

Is it even possible? Are there other options?

0 Kudos
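The VPN domain proposed in the post above (0.0.0.0/0 minus RFC1918 and CGNAT), worked out as explicit CIDR blocks that could be entered on either peer. This is an added example, not part of the original thread and not Check Point or Prisma Access tooling; the function name `vpn_domain` is hypothetical and the CGNAT range is assumed to be 100.64.0.0/10 (RFC 6598).

```python
import ipaddress

# Ranges the post wants kept out of the tunnel: RFC 1918 private space
# plus the RFC 6598 CGNAT block (assumed to be what "CGNAT" refers to).
EXCLUDED = ["10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16", "100.64.0.0/10"]


def vpn_domain(excluded=EXCLUDED, universe="0.0.0.0/0"):
    """Return the minimal CIDR list covering `universe` minus `excluded`."""
    remaining = [ipaddress.ip_network(universe)]
    for cidr in excluded:
        hole = ipaddress.ip_network(cidr)
        kept = []
        for net in remaining:
            if hole.subnet_of(net):
                # Split `net` around the hole; yields nothing if hole == net.
                kept.extend(net.address_exclude(hole))
            elif not net.subnet_of(hole):
                # CIDR blocks are either nested or disjoint: keep disjoint ones.
                kept.append(net)
        remaining = kept
    return sorted(ipaddress.collapse_addresses(remaining))


def in_domain(address, domain):
    """True if `address` would be treated as part of the VPN domain."""
    ip = ipaddress.ip_address(address)
    return any(ip in net for net in domain)


if __name__ == "__main__":
    domain = vpn_domain()
    for net in domain:
        print(net)
    # The test subnet from the post is a source, not a destination in the
    # domain; 8.8.8.8 is a constructed sample of an internet destination.
    print("10.10.10.5 in domain:", in_domain("10.10.10.5", domain))
    print("8.8.8.8 in domain:", in_domain("8.8.8.8", domain))
```
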
5 Replies
shauls
Explorer

I am thinking that maybe Route Based VPN with PBR would be a more appropriate solution, but I am not sure how to implement it.

In the VTI configuration, what do I configure as the remote peer IP address and local IP address? I only have the Prisma Access public IP.

0 Kudos
the_rock
Legend

See if the post below, which I made about a year ago, helps. I know it's Azure, but it would be very similar. I know Prisma is Palo Alto, if I'm not mistaken. I've only seen it once myself, apologies, but I'm not familiar with it at all. But, to answer your question about route based, yes, you can follow the documents I have in the link, hope it makes sense.

Andy

 

https://community.checkpoint.com/t5/Security-Gateways/Route-based-VPN-tunnel-to-Azure/m-p/206179/emc...

0 Kudos
shauls
Explorer

I understand that I could just "gibberish" the VTI numbered addresses, is this correct? 

0 Kudos
the_rock
Legend

That's right. See below an example I gave in another post a while back. Message me directly if you need further explanation.

Andy

 

https://community.checkpoint.com/t5/Security-Gateways/Route-based-VPN-failover-issue/m-p/155553#M265...

0 Kudos
the_rock
Legend

Hey @shauls, were you able to figure this out?

Andy

0 Kudos