This website uses Cookies. Click Accept to agree to our website's cookie use as described in our Privacy Policy. Click Preferences to customize your cookie settings.
Accept
Reject
Preferences
ABOUT CHECKMATES CYBER SECURITY COMMUNITY & FAQ
Create a Post
Help
cancel
Turn on suggestions
Showing results for 
Search instead for 
Did you mean: 

Are you a member of CheckMates?

×
Sign in with your Check Point UserCenter/PartnerMap account to access more great content and get a chance to win some Apple AirPods! If you don't have an account, create one now for free!
Alluka
Contributor
‎2020-08-19 12:36 PM

My first VPN with checkpoint technology

Good afternoon. I'm trying to configure my first VPN with checkpoint technology, but I can't do it.

I want to enter my local home network through the internet through a VPN Check Point 600 Appliance Version:R77.20.80

I wrote my Public IP address assigned by my ISP,
Select option Route all traffic through this site.
When I do the VPN connection test, it does not pass, what is the reason why the test does not pass?

What am I doing wrong?
can you help me please ❤️

MyFirstVPN.pngError.png

12 Replies
PhoneBoy
Admin
Admin
‎2020-08-19 12:59 PM

The "site" you are attempting to create is the remote end of a site-to-site VPN.
Which means you wouldn't be entering your public IP here, but the public IP of the remote end.
What is the remote end of the VPN in this case?

Alluka
Contributor
‎2020-08-19 05:54 PM
In response to PhoneBoy

Excuse me but I did not understand you, I want to connect to my local network with an VPN from my computer  using internet, through Check Point 600 Device version: R77.20.80... I looked in the documentation but I don't see any manual for R77.20.80. that you configure the equipment, in addition the pdf documentation is done through executable software or from the terminal, but there is a manual from the web UI.

 

Can you please guide me, in which menu is the VPN configured? Am I in the wrong menu? What is the menu to configure the VPN?

HristoGrigorov
Mentor
Mentor
‎2020-08-19 08:21 PM
In response to Alluka

If I get it right, what you need to configure is Remote Access and you are trying to configure Site-to-Site VPN. 

Alluka
Contributor
‎2020-08-20 07:35 AM
In response to HristoGrigorov

@HristoGrigorov 

@PhoneBoy 

Thank for reply

 

I am following this guide

SMB Appliances - How to connect to the office using Check Point Remote Access (VPN) clients?

https://supportcenter.checkpoint.com/supportcenter/portal?eventSubmit_doGoviewsolutiondetails=&solut...

Solution

Download and Install

  1. Download and run the latest installation file. Refer to the Remote Access (VPN) Clients product page.
    For more information on Check Point Remote Access Solutions, see sk67820.
  2. During installation, select Endpoint Security VPN 
  3. Complete installation and reboot.
  4. For more operating systems and versions, go to Remote Access (VPN) Clients product page.

Configure

  1. Right-click the product notification icon and click on VPN Options.
  2. On the Sites tab, click New - the Site Wizard will start.
  3. Click Next.
  4. Enter the IP address of the SMB Appliance in your organization, given to you by your administrator, and click Next.
  5. Choose Authentication method Username and Password.

Connect

  1. Right-click the product notification icon and click on Connect.
  2. Enter username and password (consult your administrator if you do not know them) and click Connect

USER

 

 

Client on Windows:

 

what am I doing wrong ? please help me.

Alluka
Contributor
‎2020-08-20 11:22 AM
In response to HristoGrigorov

I entered that IP address in the browser.
The checkpoint Firewall Next Generation Check Point 600 Appliance device page opens

addresss.png

HristoGrigorov
Mentor
Mentor
‎2020-08-20 11:33 AM
In response to Alluka

This is the admin interface and not remote access one. It does seem like the appliance does not have static Internet address?

PhoneBoy
Admin
Admin
‎2020-08-20 02:37 PM
In response to Alluka

Shouldn’t you use the public address (the 200 one) here?
The 10 address is a private address that won’t be reachable from the Internet.

Alluka
Contributor
‎2020-08-20 06:39 PM
In response to PhoneBoy

 

 

No, currently my ISP (Internet service provider) does not offer me a static Internet address, but a dynamic IP address is not a problem, I will pay for a DNS service with my own domain

Before purchasing a DNS service I want to configure my Firewall with VPN.

I am not an expert in networks and computer security, but I have basic knowledge, I know a little about this topic.

I am in the menu, device> Routing.
I don't understand what this routing table works for, or what it does

Routing: View the routing table and configure manual routing rules
IPv4 Routing Table

routing.png


To see my public IP address I enter the website whatismyip.com I currently have "190.1.145.22"

When I type this IP address in the browser, I can enter my ISP's rounter.
PS: for security measures this is not my real ip, it is an example. is 190.xx.xx.xx

I am thinking that the device has a bad configuration?

 

 

0 Kudos
HristoGrigorov
Mentor
Mentor
‎2020-08-20 08:24 PM
In response to Alluka

You seem to have private IP (10.20.30.1) assigned to the Internet connection at the moment. That will not work for remote access. You need to reconfigure your WAN interface so that it is assigned public IP either statically or dynamically. Then you can use some free DDNS service to always have the current public IP assigned to a hostname. Your own DNS will likely not help because you will need to update that IP manually every time it changes.

Alluka
Contributor
‎2020-08-21 06:37 AM
In response to HristoGrigorov

I'm so sorry. I did not want to put the real IP addresses for security measures but I need to configure this device.

I don't know if the correct term is private ip but this address is from my DHCP ISP's rounter 10.10.10.1

ISP's Rounter
DHCP
10.10.10.1

CheckPoint
DHCP
10.0.0.1

 

This is the network diagram, how my network is structured

3 (4).png

router.png

IPRouting.png

 

 

Do I need to reconfigure my WAN interface?

PD: Post Edited press F5 🙂

0 Kudos
HristoGrigorov
Mentor
Mentor
‎2020-08-21 08:48 PM
In response to Alluka

You need to either assign public IP on the CheckPoint device or setup NAT from your border router to CheckPoint appliance  (TCP/443 and UDP/4500). 

0 Kudos

Leaderboard

Epsum factorial non deposit quid pro quo hic escorol.

View All ≫
Upcoming Events

    Sort by:
    CheckMates Events
    Top