Create a Post
Showing results for 
Search instead for 
Did you mean: 

Layer 2 VPN between Check Point & Third Party

A customer specifically asks me to set up a Layer 2 VPN between a Check Point in the main site and a Fortinet in a remote site, so the same VLANs can be used on both side (stretched over the VPN, incl. broadcast domain and all).

I know this is probably not a desirable setup but the customer wants to know what the possibilities are.

I know of setups between two fortinets that do this (VXLAN over IPSEC) but I haven't seen setups with Check Point yet (neither betwen 2 Check Point devices and 1 Check Point & 1 Third Party.

What are opinions on this matter? Any experience regarding this kind of setup?



2 Replies

Check Point can't terminate VXLAN traffic.

That means, on the Check Point side, you would have to terminate it on a switch or similar inside the network.

I believe VXLAN traffic is just regular UDP traffic on a specific port.

From there, it's just a standard VPN configuration, which should work. 


Hello Vxlan is an overlay protocol, currently that technology its not supported on Check Point.

I have used VXLAN implementation on Vmware NSX. You probably can integrate an Open switch on your network to create that L2VPN.

Connecting two Open vSwitches to create a L2 connection between sites « Remi Bergsma's blog 

0 Kudos


Epsum factorial non deposit quid pro quo hic escorol.

Upcoming Events

    CheckMates Events