pearlojr.blogg.se - Checkpoint policy based vpn

Remote subnet and mask (the subnet is used in your local network).Remote gateway/router public IP (must be reachable while connected to the dedicated server).Encryption details (AES, SHA and DH group) - AES256, SHA256 and DH group 14 are recommended (also must support IKEv2).Pre-shared key - you can generate it or we can provide it.In order to finalize the site-to-site setup on our end, please provide these values via Site-to-site request from in the NordLayer Control Panel: Select External (leads out to the internet) Select Network defined by the interface IP and Net MaskĪdd the IP of your NordLayer gateway as IP Address Under the General tab, fill in Name, IP Address, and Net MaskĪdd NordLayer remote subnet 10.6.0.0 as IP Address Under Check Point firewall policy, add a rule for any to any, in and out to 10.6.0.0/20Ĭreate a Network group with All local networks to be trusted with the VPN tunnelsĪdding the NordLayer gateway IP and remote subnet Set VPN Tunnel Sharing to One VPN tunnel per Gateway pairĪdditional settings at the Check Point Smart Console Please note: Check Point recommends choosing a shared secret that contains at least 20 characters

Add your external Firewall IP as Satellite GatewaysĪdd a **Shared Secret **and write it down as we will also need this value on our end.

Add your NordLayer gateway as Center Gateway.

Specify an Object Name of your own choice.

Please make sure you have the IP of your NordLayer dedicated server

Creating a gateway object at the Check Point Smart ConsoleĪdd NordLayer Private Gateway as an object as shown in the image below. Note: If your device/service supports SHA256 and DH group 14, it is recommended to use these settings instead.