This website uses cookies. By clicking OK, you consent to the use of cookies. Click Here to learn more about how we use cookies.
OK
ABOUT CHECKMATES & FAQ
Create a Post
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Help
Willem_Goethals
Participant
‎2019-02-14 01:27 AM

Layer 2 VPN between Check Point & Third Party

A customer specifically asks me to set up a Layer 2 VPN between a Check Point in the main site and a Fortinet in a remote site, so the same VLANs can be used on both side (stretched over the VPN, incl. broadcast domain and all).

I know this is probably not a desirable setup but the customer wants to know what the possibilities are.

I know of setups between two fortinets that do this (VXLAN over IPSEC) but I haven't seen setups with Check Point yet (neither betwen 2 Check Point devices and 1 Check Point & 1 Third Party.

What are opinions on this matter? Any experience regarding this kind of setup?

Yours,

Willem

Reply
2 Replies
PhoneBoy
Admin
Admin
‎2019-02-14 08:40 PM

Check Point can't terminate VXLAN traffic.

That means, on the Check Point side, you would have to terminate it on a switch or similar inside the network.

I believe VXLAN traffic is just regular UDP traffic on a specific port.

From there, it's just a standard VPN configuration, which should work. 

Reply
Pablo_Barriga
Advisor
‎2019-02-27 08:16 PM

Hello Vxlan is an overlay protocol, currently that technology its not supported on Check Point.

I have used VXLAN implementation on Vmware NSX. You probably can integrate an Open switch on your network to create that L2VPN.

Connecting two Open vSwitches to create a L2 connection between sites « Remi Bergsma's blog 

0 Kudos
Reply