olpmdER
Participant

Domain based VPN, route all traffic through VPN

Hello,

We currently have a VSX environment running on version R80.40, which does not support VTI.

Therefore, the only viable solution is to use Domain-based VPN.

Our network configuration is as follows:

Our Networks => CheckPoint Gateway => 3rd Party Gateway (PaloAlto) => Internet

We aim to establish an IPsec VPN between our CheckPoint Gateway and the 3rd Party Gateway, where the tunnel IPs use private addresses.

Our objective is to route all our networks' traffic through this VPN to access the internet.

Is this setup feasible?

We plan to implement a Star Community setup, using the third option in VPN routing, with the 3rd Party Gateway as the Center Gateway and our CheckPoint Gateway as the Satellite. However, on the CheckPoint Gateway, for the VPN domain on our side, we can define our networks, but on the other side, can we specify 0.0.0.0/0 as the VPN domain? Will this configuration work?

Thank you.

0 Kudos
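The question above hinges on what a remote encryption domain of 0.0.0.0/0 means for traffic selection: it covers the Internet, but it also covers the satellite's own networks. The following Python script is an added illustration, not code from the thread or from Check Point; it uses constructed sample networks and a deliberately simplified model of domain-based matching (source in local domain, destination in remote domain), and it also computes the explicit "everything except our networks" prefix list that some peers need when they cannot accept an overlapping 0.0.0.0/0 proxy-ID.

```python
import ipaddress
from typing import Iterable, List

# Constructed sample values (assumptions, not taken from the thread): two
# networks behind the satellite gateway and a 0.0.0.0/0 remote domain.
LOCAL_NETWORKS = ["10.10.0.0/16", "10.20.0.0/16"]
REMOTE_DOMAIN = ["0.0.0.0/0"]


def in_domain(addr: str, domain: Iterable[str]) -> bool:
    """True if addr falls inside any prefix of the encryption domain."""
    ip = ipaddress.ip_address(addr)
    return any(ip in ipaddress.ip_network(n) for n in domain)


def classify(src: str, dst: str,
             local: Iterable[str] = LOCAL_NETWORKS,
             remote: Iterable[str] = REMOTE_DOMAIN) -> str:
    """Simplified model of domain-based VPN traffic selection.

    A packet is a tunnel candidate when its source is in the local domain and
    its destination is in the remote domain. With 0.0.0.0/0 as the remote
    domain the local networks match both sides, so this model treats the more
    specific (local) match as authoritative and keeps intra-site traffic clear.
    This is a teaching model, not the gateway's real matching algorithm.
    """
    local, remote = list(local), list(remote)
    src_local, dst_local = in_domain(src, local), in_domain(dst, local)
    dst_remote = in_domain(dst, remote)
    if src_local and dst_local:
        return "clear-local"   # site-internal traffic, never tunneled
    if src_local and dst_remote:
        return "encrypt"       # e.g. local host to an Internet address
    return "clear"             # not covered by this community at all


def carve_out(universe: str, holes: Iterable[str]) -> List[str]:
    """Return the prefixes of `universe` minus every hole, as strings.

    CIDR prefixes are either nested or disjoint, so each hole is removed by
    splitting the single piece that contains it; pieces entirely inside a
    hole are dropped.
    """
    pieces = [ipaddress.ip_network(universe)]
    for h in holes:
        hole = ipaddress.ip_network(h)
        kept = []
        for piece in pieces:
            if hole.subnet_of(piece) and hole != piece:
                kept.extend(piece.address_exclude(hole))
            elif piece.subnet_of(hole):
                continue
            else:
                kept.append(piece)
        pieces = kept
    return [str(p) for p in sorted(ipaddress.collapse_addresses(pieces))]


def domain_size(domain: Iterable[str]) -> int:
    """Total number of addresses covered by a list of prefixes."""
    return sum(ipaddress.ip_network(n).num_addresses for n in domain)


if __name__ == "__main__":
    for s, d in [("10.10.5.5", "8.8.8.8"), ("10.10.5.5", "10.20.1.1"),
                 ("192.168.1.1", "8.8.8.8")]:
        print(f"{s} -> {d}: {classify(s, d)}")
    explicit = carve_out("0.0.0.0/0", LOCAL_NETWORKS)
    print(f"{len(explicit)} prefixes cover the Internet minus local networks")
    for p in explicit:
        print("  ", p)
```

Running it shows that a local-to-Internet flow is selected for encryption, a local-to-local flow is not, and that "0.0.0.0/0 minus two /16s" expands to 19 prefixes. That expansion is the list a reviewer would compare against the peer's configured proxy-IDs if the peer rejects the overlapping 0.0.0.0/0 definition.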
4 Replies
the_rock
Legend

I know 2 customers who did it that way, worked fine, no issues. It was with Cisco and Fortigate, but I don't think that matters at all.

Andy

0 Kudos
the_rock
Legend

Also, I made the below post a few months back, see if it helps you. Here is the IMPORTANT thing to remember... IF you see UNNUMBERED VTIs, which is fine, don't freak out if the same IP pops up in topology as the actual external IP, as that's totally normal, BUT do make sure the route points to the correct remote subnet and it uses that VTI interface.

Andy

https://community.checkpoint.com/t5/Security-Gateways/Route-based-VPN-tunnel-to-Azure/m-p/206179/emc...

0 Kudos
olpmdER
Participant

Thank you, Andy, for your response.

However, this isn't applicable to our implementation since we cannot use VTI. We currently have a VSX environment running on version R80.40, which does not support VTI. Therefore, the only option available to us is a Domain-based VPN.

0 Kudos
the_rock
Legend

Right, I read that part, I was more just sending it for reference. Either way, it works fine with domain-based, that's what those 2 customers did actually.

Andy

0 Kudos