Hi,
This is only an idea, unfortunately I can't test is yet. Please be cautious.
This is a simple interface modificationm and a VPN Domain extension
So I would create an IF which exists only on the GW (you need to discuss with the network team for the availabe IPs and VLANs)
![2024-12-29 19_55_20-Cloud Demo Server [ID_784674684]-R81.20-SmartConsole.png 2024-12-29 19_55_20-Cloud Demo Server [ID_784674684]-R81.20-SmartConsole.png](https://community.checkpoint.com/t5/image/serverpage/image-id/29042iB8E9CFB838D9A95A/image-size/small?v=v2&px=200)
You will query the GE on this interface (in this case 192.168.99.1)
Then and it to the ENC_ DOM (VPN Domain)

You need to add it both sides.
Create the neccesary Access Rules.
When the packet arrives to the GW, because the newly created LAN is a connected LAN, the route will direct to that interface (192.168.99.1) the trafic.
Akos
----------------
\m/_(>_<)_\m/