This website uses Cookies. Click Accept to agree to our website's cookie use as described in our Privacy Policy. Click Preferences to customize your cookie settings.
Accept
Reject
Preferences
ABOUT CHECKMATES CYBER SECURITY COMMUNITY & FAQ
Create a Post
Help
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

Are you a member of CheckMates?

×
Sign in with your Check Point UserCenter/PartnerMap account to access more great content and get a chance to win some Apple AirPods! If you don't have an account, create one now for free!
hle2001
Explorer
‎2025-07-01 02:32 PM

Site-to-site VPN

Hi everyone,

I am a long time Checkpoint users but Site-to-Site VPN is new to me and need your help.

I have a clusterXL running on model Quantum Spark 1595 manage several networks and one the network is called DMZ network housing AntiVirus server, Windows patch server, and SolarWinds monitoring system. 

The DMZ network address is 10.80.192.0/24.

Security Management Server is in DMZ network (10.80.192.107)

ClusterXL virtual IP is 10.80.192.1 (FWA=10.80.192.2, FWB=10.80.192.3)

The Gateway 1595 still have two more interfaces available.

----------

I had another private network (10.10.10.0/24) connect to Ethernet1 interface on Checkpoint Gateway  model 3600.

The goal is setting up private network to ClusterXL and provide access rules to use resources in DMZ network such as AntiVirus, Patch Update, and network monitoring.

Currently, I setup Ethernet2 interface on Gateway 3600 to connect directly to DMZ Cisco switch (10.80.192.0/24), so the Security Management server (10.80.192.107) can manage GW 3600, and by doing this I  can create access rule for Private Network (10.10.10.0/24) to use all resources in DMZ network. Here the problem, our management want GW3600 interface to ClusterXL 1595 to allow 10.10.10.0/24 network access to DMZ resources.

I am new to Site-to-Site VPN, and our GW3600 and ClusterXL gateway pair 1595 mount in the same cabinet and very close together, can it be done? how to physically connect a single GW3600 to ClusterXL dual GW1595? and how to setup VPN for it to communicate?  Do I need to use two interfaces on GW3600 for it to work?

Thank in advance for your help,

 

0 Kudos
3 Replies
PhoneBoy
Admin
Admin
‎2025-07-01 03:41 PM

Please provide a network diagram showing all the relevant components (including proposed configuration).
Is the 1595 managed by the same SMS as the 3600?
In any case, it should be possible to set up a VPN between the 3600 Cluster and a single 1595, though the devil is in the details.

0 Kudos
hle2001
Explorer
‎2025-07-07 11:41 AM
In response to PhoneBoy

Sorry I for got to mention. Yes, I had the SMS running GaiA R81.20 to manage both 1595 gateway (embedded R81.10.17) and 3600 gateway cluster (R81.20)

0 Kudos
the_rock
MVP Gold
MVP Gold
‎2025-07-02 07:57 AM

You would pretty much set it up following info from below link, as say other side was 3rd party, except there would be no interoperable object here.

Andy

https://sc1.checkpoint.com/documents/R81/WebAdminGuides/EN/CP_R81_SitetoSiteVPN_AdminGuide/Topics-VP......

0 Kudos

Leaderboard

Epsum factorial non deposit quid pro quo hic escorol.

View All ≫
Upcoming Events

    Sort by:
    CheckMates Events