This website uses Cookies. Click Accept to agree to our website's cookie use as described in our Privacy Policy. Click Preferences to customize your cookie settings.
Accept
Reject
Preferences
ABOUT CHECKMATES CYBER SECURITY COMMUNITY & FAQ
Create a Post
Help
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

Are you a member of CheckMates?

×
Sign in with your Check Point UserCenter/PartnerMap account to access more great content and get a chance to win some Apple AirPods! If you don't have an account, create one now for free!
Jason_Chen
Explorer
‎2019-07-09 02:44 AM

VPN Routing through Center?

We need:

Traffic flow: Satellites GW from branch B、C  need to contact to Remote GW X , the traffic must always pass through Center A.

Example : host (behind branch B or C )=====VPN====>Center A=====VPN=====> Server  (behind Remote GW X)

 

So now the question is How to configure the “Remote GW X “?

 Please share configuration methods and suggestions. Thanks!

Preview file
125 KB
0 Kudos
4 Replies
Maarten_Sjouw
Champion
Champion
‎2019-07-09 01:33 PM

Are all gateways Check Point?
In any case create a new Star topology configure satellite X with the correct VPN Topology, same for each other gateway, only add it's own topology.
In the star set Center A as the center gateway and all other gateways as Satellites. In the routing page set routing through center. Allow the traffic that you want to allow and push policy to all gateways.
Regards, Maarten
Jason_Chen
Explorer
‎2019-07-10 11:20 AM
In response to Maarten_Sjouw

Thank you so much for your reply and help!

Are all gateways Check Point?
Yes, all gateways are Check Point.

1)、Satellite X (Remote GW X) is Standalone Deployment, It manages by itself.

2)、Center A and satellite B, C, D are managed by the same SMS server

=================================================================================================
Is the following configuration correct on firewall Satellite X?

Create a new VPN Community:Star mode
Set Center A as the center gateway
Set Satellite X as the Satellites gateway
VPN Routing Options:To center and to other satellites through the center
Set Traffic Policy and push policy to Satellite X


Two questions:
1)、Do satellite B and C need to be created on Satellite X and added to the satellites?
2)、The VPN networks from the satellite B and C that need to access resources behind the remote Satellite X,Are these VPN networks added to the VPN Domain of the Center A?(Center A here is the object on Satellite X

-----------------------------------------------------------------------------------------------------------------------


Is the following configuration correct on SMS server Center A and Satellite B、C、D are centralized management )

VPN Community:Star mode
Center A is the center gateway
branch B、C、D are Satellites gateway (add Satellite X as the Satellites gateway )
VPN Routing Options:To center, or through the center to other satellites, to internet and other VPN targetsThis setting cannot be changed
Set Traffic Policy and push policy to Center A and Satellite B、C、D.


Questions:
1)、Does setting different VPN routing options cause problems?


Thanks a lot !

0 Kudos
Maarten_Sjouw
Champion
Champion
‎2019-07-10 02:09 PM
In response to Jason_Chen

On the locally managed X you need to add the networks of all other satellites to the VPN domain of the Center A gateway. Do not add any other gateway to the Satellite X.

Changing the VPN routing from the current setting to the route through center to other satellites (NOT Internet) will cause the internet traffic to be direct from the satellites instead of through the center GW.
Regards, Maarten
0 Kudos
Jason_Chen
Explorer
‎2019-07-11 02:19 AM
In response to Maarten_Sjouw

Ok, thanks. I'll try.

0 Kudos

Leaderboard

Epsum factorial non deposit quid pro quo hic escorol.

View All ≫
Upcoming Events

    Sort by:
    CheckMates Events