This website uses Cookies. Click Accept to agree to our website's cookie use as described in our Privacy Policy. Click Preferences to customize your cookie settings.
Accept
Reject
Preferences
ABOUT CHECKMATES CYBER SECURITY COMMUNITY & FAQ
Create a Post
Help
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

Are you a member of CheckMates?

×
Sign in with your Check Point UserCenter/PartnerMap account to access more great content and get a chance to win some Apple AirPods! If you don't have an account, create one now for free!
Juan_Concepcion
Advisor
‎2017-09-25 06:44 AM

BGP over VPN between Azure.docx

Documentation which explains how to deploy a site to site VPN between an Azure VPN Gateway and Check Point R80.10 Gateway with BGP routing exchange via route based vpn.

Preview file
1107 KB
18 Replies
Raphael_Cote
Contributor
‎2017-11-14 05:31 AM

I've read that VTI is not supported in VSX mode.  Can I follow this procedure in VSX mode?

Peter_Sandkuijl
Employee
Employee
‎2017-11-28 02:34 AM

Sorry, vti and VSX still don't work together

Timothy_Hall
Legend Legend
Legend
‎2017-11-28 05:17 AM

Confirmed, and I suspect the reason for this limitation is that VTI's are implemented by a completely separate kernel module called vpntmod.  VSX runs pretty much completely in process space.

Gaia 4.18 (R82) Immersion Tips, Tricks, & Best Practices Video Course
Now Available at https://shadowpeak.com/gaia4-18-immersion-course
0 Kudos
Jose_W__Castill
Explorer
‎2017-12-20 06:36 AM

Hi, I have a R80.10 Management and a cluster gateway R77.30. Can I follow this procedure? any aditional advice?

Juan_Concepcion
Advisor
‎2017-12-20 09:01 AM

Yes

Sent from my iPhone

PAUL_SAMWAYS1
Participant
‎2018-02-19 06:14 AM

Hi All, I've been trying to setup VPN to Azure with BGP (I've had no problems setting up standard VPN to Azure but require BGP for dynamic routing and thus bigger VPN to Azure, as we don't want to by an Express Route). I don't understand what this is trying to say in the document;

RZomerman
Explorer
‎2020-02-05 05:48 AM
In response to PAUL_SAMWAYS1

Sorry to come back to this one.. 

On the "Interoperable Device" shouldnt the topology be the "External IP of the Azure GW" & the Azure VNET Address Space?

 

Why would i need to set my own CP External IP + Internal Subnet (on CP side) on the Interoperable Device referencing Azure?

0 Kudos
Juan_Concepcion
Advisor
‎2018-02-19 12:07 PM

For the Azure gateway object you have to manually set the topology (on normal gateway you just fetch) and the encryption domain.

Let me know if this isn’t clear.

Sent from my iPhone

Ping_Choi
Participant
‎2020-01-30 08:57 AM

Hi Juan,

Would you happen to know if these steps also apply to Checkpoint R80.30 ?

 

 

Juan_Concepcion
Advisor
‎2020-05-11 12:52 PM
In response to Ping_Choi

No, in R80.30 I was able to do this without setting topology.

0 Kudos
MCS_LTD
Explorer
‎2020-11-05 01:55 PM
In response to Juan_Concepcion

 Is there an updated guide for this? I find the steps required for the Checkpoint to be incredibly hard to follow

Juan_Concepcion
Advisor
‎2021-01-17 01:57 AM
In response to MCS_LTD

Can you please be more specific on which portion your having problems understanding??

0 Kudos
Reyman2021
Participant
‎2021-01-17 01:13 AM

Hi Juan,

The external IP you put here in the topology is different from the real IP of peer gateway? The VPN Peer gateway is 52.225.225.207 and the external IP in the topology is 52.184.160.26. On the other hard I would also 

 

 CAPTURE1.PNG

Juan_Concepcion
Advisor
‎2021-01-17 01:59 AM
In response to Reyman2021

This should match whatever ip address is on the azure vpn gateway.  Oversite in transcription as I rebuilt this several times during documentation build and with each rebuild the ip was different.

0 Kudos
Reyman2021
Participant
‎2021-01-17 09:20 PM
In response to Juan_Concepcion

Okay. By the way where do I get the router-id? 

 

0 Kudos
Reyman2021
Participant
‎2021-01-17 01:15 AM

Hi Juan,

The external IP you put here in the topology is different from the real IP of peer gateway? The VPN Peer gateway is 52.225.225.207 and the external IP in the topology is 52.184.160.26. On the other hard I would also ask where did you get the Router-ID 173.76.170.56? Thank you

CAPTURE1.PNG

0 Kudos
Mark_Bayley
Explorer
‎2021-10-18 06:28 AM

hi,

Can I ask why your local address in the VPN tunnel config is 50.50.50.1? Shouldn't that be a 169.254.0.0/16 address?

0 Kudos
hemh
Participant
‎2023-08-23 01:37 PM

Hi, on my side I struggled a lot to get the BGP peering stably, IPSec tunne is working A1 though. I have a generic Azure VPN GW and firewall. So to make it work with an on prem checkpoint cluster, on each cluster member I configured my cluster VTI Vip as router ID. Azure Local network gateways(one for each ISP as I am dual ISP) are pointing to my VTI cluster Vip also. Since then, everything is working fine

0 Kudos

Leaderboard

Epsum factorial non deposit quid pro quo hic escorol.

View All ≫
Upcoming Events

    Sort by:
    CheckMates Events