- Products
- Learn
- Local User Groups
- Partners
- More
This website uses Cookies. Click Accept to agree to our website's cookie use as described in our Privacy Policy. Click Preferences to customize your cookie settings.
- Products
- Learn
- Local User Groups
- Upcoming Events
- Americas
- EMEA
- Czech Republic and Slovakia
- Denmark
- Netherlands
- Germany
- Sweden
- United Kingdom and Ireland
- France
- Spain
- Norway
- Ukraine
- Baltics and Finland
- Greece
- Portugal
- Austria
- Kazakhstan and CIS
- Switzerland
- Romania
- Turkey
- Belarus
- Belgium & Luxembourg
- Russia
- Poland
- Georgia
- DACH - Germany, Austria and Switzerland
- Iberia
- Africa
- Adriatics Region
- Eastern Africa
- Israel
- Nordics
- Middle East and Africa
- Balkans
- Italy
- Bulgaria
- Cyprus
- APAC
- Partners
- More
- ABOUT CHECKMATES & FAQ
- Sign In
- Leaderboard
- Events
Access Control and Threat Prevention Best Practices
5 November @ 5pm CET / 11am ET
Ask Check Point Threat Intelligence Anything!
October 28th, 9am ET / 3pm CET
Check Point Named Leader
2025 Gartner® Magic Quadrant™ for Hybrid Mesh Firewall
HTTPS Inspection
Help us to understand your needs better
CheckMates Go:
Spark Management Portal and More!
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for
Who rated this post
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
You'll need to use Encryption Domain per Community for the on-premises gateway communities with the Azure cluster (where you create a domain-based VPN per-community with the on-premises gateways), and use the empty domain/route-based VPN between Azure cluster and the AzVPNGW gateway. This will work. I presume you aren't using BGP across the domain-based VPN here (no need, really).
So long as a network from the left side diagram doesn't have an overlap on the Cisco vEdge and AzVPNGW VPNs, then you're ok.
- For limitations, you still need to be mindful of the default gateway VPN domain, if you have this on any gateway in your management domain: https://support.checkpoint.com/results/sk/sk182946
- There was also an older issue with the traffic selectors, but looks like R&D fixed this: https://support.checkpoint.com/results/sk/sk170857
If you need the walk-through, here's where to configure EDPC: https://sc1.checkpoint.com/documents/R81.20/WebAdminGuides/EN/CP_R81.20_SitetoSiteVPN_AdminGuide/Con...
You can also handle VPN-routing traffic, at the Azure cluster, with VPN Directional matching: https://sc1.checkpoint.com/documents/R81.20/WebAdminGuides/EN/CP_R81.20_SitetoSiteVPN_AdminGuide/Con...
Without directional matching, you could end up with traffic flowing, or matching, in odd places you didn't expect. This would be most applicable on the Azure cluster. On the Star communities, you can enable VPN Routing, then use Directional matching rules to enforce that policy.
About CheckMates
Learn Check Point
Advanced Learning
YOU DESERVE THE BEST SECURITY
©1994-2025 Check Point Software Technologies Ltd. All rights reserved.
Copyright
Privacy Policy
About Us
UserCenter