This mini concept demonstrates how to connect two data centers using Layer 2 tunneling through two Check Point firewalls via VPN — in this example, a Maestro Dual Site installation. The goal is to provide VLAN connectivity between both data centers, for example within Cisco Nexus environments. A VXLAN tunnel is used for Layer 2 connectivity, and this VXLAN traffic is encrypted via VPN between the Check Point firewalls at both sites.

Step 1: Establish the VPN Connection
In the first step, you create a VPN connection between the firewalls of the two data centers. In this example, a Maestro Dual Site setup is used, with each side having its own Security Group. As shown in the diagram, both Security Groups are connected via a VPN tunnel that provides the encrypted foundation for subsequent communication.
Step 2: Configure the VXLAN Tunnel
In the second step, you can use Cisco Nexus switches to establish a VXLAN tunnel between the two sites — from the Nexus cluster in Data Center 1 (DC1) to the Nexus cluster in Data Center 2 (DC2). This creates the logical Layer 2 link across the VPN-encrypted connection.
Step 3: Provide VLANs over VXLAN
Next, you make the required VLANs (for example, VLAN 100 and VLAN 200) available on the Nexus switches through the VXLAN tunnel. This allows devices in both data centers to operate within the same Layer 2 segments, even though they are physically separated.
Step 4: Adjust the MTU Size
To ensure optimal performance, you may need to adjust the MTU size on the firewalls. This helps prevent excessive IP fragmentation of packets being transmitted through the VPN tunnel, which could otherwise impact performance and stability.
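The reason the MTU matters twice here is that each encapsulation layer adds fixed overhead: VXLAN puts an outer IPv4, UDP and VXLAN header (36 bytes on the IP path, 50 with the outer Ethernet header) in front of the inner frame, and the Check Point VPN then wraps the whole VXLAN packet in ESP tunnel mode. The calculator below is an added example, not code from the original post, from Check Point or from Cisco; the ESP profiles use assumed typical IV, padding and ICV sizes for the named cipher suites, not the actual settings of the firewalls in this setup.

```python
from dataclasses import dataclass

# Fixed encapsulation sizes in bytes. VXLAN adds outer IPv4 + UDP + VXLAN header on
# the IP path; the outer Ethernet header is not counted against the IP MTU.
ETH_HEADER = 14
DOT1Q_TAG = 4
OUTER_IPV4 = 20
UDP_HEADER = 8
VXLAN_HEADER = 8
VXLAN_OVERHEAD = OUTER_IPV4 + UDP_HEADER + VXLAN_HEADER   # 36 bytes on top of the inner frame
ESP_HEADER = 8     # SPI + sequence number
ESP_TRAILER = 2    # pad length + next header


@dataclass(frozen=True)
class EspProfile:
    """ESP tunnel-mode overhead parameters (assumed typical values per RFC 4303/4106/4868)."""
    name: str
    iv_len: int          # per-packet IV carried in the ESP payload
    block_len: int       # padding alignment (cipher block size, or 4 for AES-GCM)
    icv_len: int         # integrity check value
    nat_t: bool = False  # UDP encapsulation (NAT-T) adds another UDP header


AES_CBC_SHA256 = EspProfile("AES-CBC-256 / HMAC-SHA-256-128", iv_len=16, block_len=16, icv_len=16)
AES_GCM_128 = EspProfile("AES-GCM-128", iv_len=8, block_len=4, icv_len=16)


def _esp_fixed(prof):
    """Overhead that does not depend on payload length."""
    return OUTER_IPV4 + (UDP_HEADER if prof.nat_t else 0) + ESP_HEADER + prof.iv_len + prof.icv_len


def esp_padding(plain_len, block_len):
    """Padding needed so plaintext + pad + 2 trailer bytes align to block_len."""
    return (-(plain_len + ESP_TRAILER)) % block_len


def vxlan_packet_len(inner_ip_mtu, tagged=False):
    """IPv4 packet size leaving the VTEP for a full-size inner frame.
    Nexus VTEPs normally strip the 802.1Q tag before encapsulation, hence tagged=False."""
    return inner_ip_mtu + ETH_HEADER + (DOT1Q_TAG if tagged else 0) + VXLAN_OVERHEAD


def esp_packet_len(plain_len, prof):
    """Size of the ESP tunnel-mode packet carrying plain_len bytes of inner IP packet."""
    return _esp_fixed(prof) + plain_len + esp_padding(plain_len, prof.block_len) + ESP_TRAILER


def outer_len(inner_ip_mtu, prof, tagged=False):
    """Total IP-layer size after VXLAN and then IPsec encapsulation."""
    return esp_packet_len(vxlan_packet_len(inner_ip_mtu, tagged), prof)


def max_inner_ip_mtu(wan_mtu, prof, tagged=False):
    """Largest inner host MTU whose VXLAN+ESP packet fits wan_mtu without fragmentation."""
    budget = wan_mtu - _esp_fixed(prof)                 # room for plaintext + pad + trailer
    plain = (budget // prof.block_len) * prof.block_len - ESP_TRAILER
    return plain - VXLAN_OVERHEAD - ETH_HEADER - (DOT1Q_TAG if tagged else 0)


def fragments(inner_ip_mtu, wan_mtu, prof):
    """True if a full-size inner packet would have to be fragmented on the WAN."""
    return outer_len(inner_ip_mtu, prof) > wan_mtu


if __name__ == "__main__":
    for prof in (AES_CBC_SHA256, AES_GCM_128):
        print(f"{prof.name}: a 1500-byte host packet becomes {outer_len(1500, prof)} bytes on the wire;"
              f" on a 1500-byte WAN the inner MTU must be <= {max_inner_ip_mtu(1500, prof)}")
```

With a standard 1500-byte host MTU and the AES-CBC/SHA-256 profile, the encrypted VXLAN packet is 1612 bytes, so every full-size frame fragments on a 1500-byte WAN. The two ways out are the ones the step hints at: raise the MTU on the firewall and underlay interfaces so the outer packet fits, or lower the host-facing MTU (1388 here) so it never exceeds the path.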
Step 5: Create Firewall Rules
Finally, you must create firewall rules on both Check Point firewalls to allow VXLAN traffic between the two sites. These rules ensure that the encapsulated Layer 2 traffic can traverse the VPN tunnel securely.
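The rule in practice matches UDP port 4789 (the IANA VXLAN port) between the two VTEP addresses and nothing else. The script below is an added example, not code from the original post or from Check Point: it mimics that rule and then inspects the VXLAN header so a defender can confirm that only the expected VNIs (and, if an inner 802.1Q tag survives, the matching VLAN) cross the tunnel. The VTEP addresses and the VNI-to-VLAN mapping are constructed assumptions for the example.

```python
import struct

VXLAN_UDP_PORT = 4789
VXLAN_I_FLAG = 0x08          # "valid VNI" flag in the first header byte (RFC 7348)

# Constructed example values: VTEP addresses and VNI-to-VLAN mapping are assumptions,
# not values from the original post.
DC1_VTEP = "10.1.0.10"
DC2_VTEP = "10.2.0.10"
ALLOWED_VTEP_PAIRS = {(DC1_VTEP, DC2_VTEP), (DC2_VTEP, DC1_VTEP)}
VNI_TO_VLAN = {10100: 100, 10200: 200}


def build_vxlan(vni, inner_frame, flags=VXLAN_I_FLAG):
    """Encapsulate an Ethernet frame: 8-byte VXLAN header followed by the frame."""
    return bytes([flags, 0, 0, 0]) + vni.to_bytes(3, "big") + b"\x00" + inner_frame


def parse_vxlan(udp_payload):
    """Return (vni, inner_frame) from a VXLAN UDP payload; raise ValueError if malformed."""
    if len(udp_payload) < 8 + 14:            # VXLAN header plus a minimal Ethernet header
        raise ValueError("payload too short for VXLAN + Ethernet")
    if not udp_payload[0] & VXLAN_I_FLAG:
        raise ValueError("VXLAN I flag not set")
    vni = int.from_bytes(udp_payload[4:7], "big")
    return vni, udp_payload[8:]


def inner_vlan(inner_frame):
    """Return the 802.1Q VLAN id of the inner frame, or None if it is untagged."""
    ethertype = struct.unpack("!H", inner_frame[12:14])[0]
    if ethertype != 0x8100:
        return None
    if len(inner_frame) < 16:
        raise ValueError("truncated 802.1Q tag")
    tci = struct.unpack("!H", inner_frame[14:16])[0]
    return tci & 0x0FFF


def check_tunnel_packet(src_ip, dst_ip, dst_port, udp_payload):
    """Apply the intended firewall rule, then sanity-check the VXLAN content.
    Returns 'accept vni=... vlan=...' or 'drop: <reason>'."""
    if dst_port != VXLAN_UDP_PORT:
        return "drop: not VXLAN port"
    if (src_ip, dst_ip) not in ALLOWED_VTEP_PAIRS:
        return "drop: VTEP pair not permitted"
    try:
        vni, frame = parse_vxlan(udp_payload)
        vlan = inner_vlan(frame)
    except ValueError as exc:
        return f"drop: {exc}"
    if vni not in VNI_TO_VLAN:
        return f"drop: unexpected VNI {vni}"
    if vlan is not None and vlan != VNI_TO_VLAN[vni]:
        return f"drop: inner VLAN {vlan} does not match VNI {vni} (VLAN {VNI_TO_VLAN[vni]})"
    return f"accept vni={vni} vlan={VNI_TO_VLAN[vni]}"


# Constructed sample: a broadcast ARP frame (untagged) and a tagged copy of it.
SAMPLE_FRAME = b"\xff" * 6 + b"\x02\x00\x00\x00\xaa\x01" + b"\x08\x06" + b"\x00" * 28
SAMPLE_TAGGED = (b"\xff" * 6 + b"\x02\x00\x00\x00\xaa\x01" + b"\x81\x00"
                 + (200).to_bytes(2, "big") + b"\x08\x06" + b"\x00" * 28)

if __name__ == "__main__":
    print(check_tunnel_packet(DC1_VTEP, DC2_VTEP, 4789, build_vxlan(10100, SAMPLE_FRAME)))
    print(check_tunnel_packet(DC1_VTEP, DC2_VTEP, 4789, build_vxlan(999, SAMPLE_FRAME)))
    print(check_tunnel_packet(DC1_VTEP, "192.0.2.5", 4789, build_vxlan(10100, SAMPLE_FRAME)))
```

Scoping the rule to the VTEP pair and the single UDP port keeps the tunnel from becoming a generic any-to-any path between the sites; the VNI and VLAN checks are the kind of content validation you would run on a capture when something unexpected appears in the Layer 2 segment.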
By following these steps, you create a secure, encrypted Layer 2 connection between two data centers using Check Point firewalls, VPN, and VXLAN technology.
➜ CCSM Elite, CCME, CCTE ➜ www.checkpoint.tips