A simple diagram of the proposed connectivity would help.
I see a couple of scenarios:
- Have both gateways connected externally with the LAN interface of the Sonicwall connected to either a dedicated or DMZ interface on the Check Point (not your internal LAN). This will prevent the "encrypted" VPN traffic from passing through the Check Point while giving you complete visibility over what the Remote Access users do.
- Put the Sonicwall behind the Check Point on a dedicated interface. This protects the Sonicwall gateway itself (if you're running IPS, etc), but places extra load on the Check Point gateway.
