Configuring VPN Sites
Quantum Spark 1500, 1600 and 1800 Appliance Series R80.20.40 Locally Managed Administration Guide | 237
To configure a gateway as the center:
1. Select the VPN site from the list.
2. Click Edit.
The Edit VPN Site window opens.
3. In the Remote Site tab:
   • For Connection type, enter the public IP address of the remote peer (satellite gateway).
   • In the Encryption domain, select the networks of the satellite gateway that will participate in the VPN.
4. In the Advanced tab, select Allow traffic to the internet from remote site through this gateway.
5. Click Apply.
This gateway is now designated as the center. Hide NAT is done automatically in the center gateway.
To configure a gateway as a satellite:
1. Select the VPN site from the list.
2. Click Edit.
The Edit VPN Site window opens.
3. In the Remote Site tab:
   • For Connection type, enter the public IP address of the remote peer (center gateway).
   • In the Encryption domain, select Route all traffic through this site.
4. Click Apply.
This gateway is now designated as a satellite.
You can configure more than one satellite gateway to route all traffic through the center gateway.
If you try to configure two gateways to be the center, an error message shows.
If you do not configure one gateway as a center, the site to site VPN acts like a mesh community and each
gateway continues to handle its own traffic.
To run a tunnel test with a remote site:
Check Point uses a proprietary protocol to test if VPN tunnels are active. It supports any site-to-site VPN
configuration.
Tunnel testing requires two Security Gateways and uses UDP port 18234. The Check Point tunnel testing
protocol does not support third-party Security Gateways.
1. Select an existing site from the list.
2. Click Test.