As I checked on the Zscaler official website, they have given a list of supported firewall devices for IPsec tunnels, and Check Point devices are not in the list. (So my first question is: why is Check Point not a supported device for building a tunnel with Zscaler?) (For GRE, I know that Check Point does not support this feature.)
My requirement matches the given diagram, which is not the exact customer diagram but a scenario found from Zscaler. So, in my client environment:
GRE Tunnels from the Border Router to the ZENs
Second diagram:
ISP ---> Router ---> IPS (in L2 mode) --> Switch L2 --> Checkpoint Device ----> LAN switch and other users
In this requirement, if Zscaler is making GRE with the Cisco router, how can I pass traffic to the GRE tunnel without NAT? Because from the router to the CP WAN we are using a public LAN pool, and presently I have configured Hide NAT to forward traffic of the private pool towards the Internet (by router).
(Zscaler needs to give reporting with the original LAN IP, so they want the traffic without NAT.)
So, I don't know whether traffic will go to the router side or not if I disable NAT, and if it is done, whether I am doing the right thing as per standard or not. Can you please suggest? Because if we are publishing our local LAN outside the firewall, it will be a security breach, right?
So what would be a feasible suggestion?
Another option we are thinking of is the first option which I mentioned (an IPsec tunnel between CP and Zscaler). But in this case we need to forward only port 80 and 443 traffic, so it is not possible, because as far as I know PBR is not supported with service-based traffic forwarding.
Our device is on R80.10 and the latest one, so there is no limitation with updates.