- Products
- Learn
- Local User Groups
- Partners
- More
Access Control and Threat Prevention Best Practices
5 November @ 5pm CET / 11am ET
Ask Check Point Threat Intelligence Anything!
October 28th, 9am ET / 3pm CET
Check Point Named Leader
2025 Gartner® Magic Quadrant™ for Hybrid Mesh Firewall
HTTPS Inspection
Help us to understand your needs better
CheckMates Go:
Spark Management Portal and More!
You'll need to use Encryption Domain per Community for the on-premises gateway communities with the Azure cluster (where you create a domain-based VPN per-community with the on-premises gateways), and use the empty domain/route-based VPN between Azure cluster and the AzVPNGW gateway. This will work. I presume you aren't using BGP across the domain-based VPN here (no need, really).
So long as a network from the left side diagram doesn't have an overlap on the Cisco vEdge and AzVPNGW VPNs, then you're ok.
If you need the walk-through, here's where to configure EDPC: https://sc1.checkpoint.com/documents/R81.20/WebAdminGuides/EN/CP_R81.20_SitetoSiteVPN_AdminGuide/Con...
You can also handle VPN-routing traffic, at the Azure cluster, with VPN Directional matching: https://sc1.checkpoint.com/documents/R81.20/WebAdminGuides/EN/CP_R81.20_SitetoSiteVPN_AdminGuide/Con...
Without directional matching, you could end up with traffic flowing, or matching, in odd places you didn't expect. This would be most applicable on the Azure cluster. On the Star communities, you can enable VPN Routing, then use Directional matching rules to enforce that policy.
About CheckMates
Learn Check Point
Advanced Learning
YOU DESERVE THE BEST SECURITY