
Site-to-Site VPN Configuration Between Check Point Gateways

1. First, make sure the two peers can reach each other. Verify that the peer IP is correct
and reachable.

2. Log in to SmartDashboard and go to the VPN tab, as shown in the diagram:

3. Select the site-to-site VPN community type that fits your requirement:

Meshed: A mesh is a VPN community in which a VPN site can create a VPN tunnel with any
other VPN site in the community.

Star: A star is a VPN community consisting of central Security Gateways (or "hubs") and
satellite Security Gateways (or "spokes"). In this type of community, a satellite can create
a tunnel only with other sites whose Security Gateways are defined as central.

4. Once you select the type, the setup appears. Give the site a name and colour as
required:

5. 2nd tab – Participating Gateways: add the gateways that will be part of the VPN
community. Click Add and select the appropriate gateway.

6. 3rd tab – Encryption: define the encryption parameters, such as the encryption,
integrity and IPsec parameters.

Select “Custom Encryption…” and define the parameters as required.

NOTE: The encryption parameters must be the same on both peers.

7. 4th tab – Tunnel Management: keep the settings at their defaults.

Permanent Tunnels - This feature keeps VPN tunnels active allowing real-time
monitoring capabilities.

VPN Tunnel Sharing - This feature provides greater interoperability and scalability
between Security Gateways. It also controls the number of VPN tunnels created between
peer Security Gateways.

8. 5th tab – Advanced: in the Advanced tab, go to Shared Secret.

Here you define the shared secret, which must be the same on both peers.

NOTE:
1. If the Check Point gateways belong to the same management server, there is no need to
specify the secret key. The peers' secret will be based on the ICA certificate.

2. If the peer is an interoperable device (a third party such as a Cisco ASA) or a
Check Point gateway that is managed externally, you need to specify the shared
secret.

Note: The shared secret is case-sensitive; set it accordingly.

9. The VPN community settings are now complete. Press OK to exit the wizard.

10. Now define the traffic that will pass through the tunnel. To do this, open the
firewall gateway object (at present our gateway is “corp-eu-amstidc-fw01”) and
select the “Topology” tab.

Here you will find the option to define the VPN Domain. Click (…) and define the network or
host that should be part of the VPN.

Click “OK”.

11. Create a VPN rule and select the VPN community in the VPN column:

12. Complete the configuration on the peer end as well. Then save and push the policy to
the respective gateways:

13. Open SmartView Tracker and check the logs for the VPN community; the traffic should
show as encrypted, as in the snapshot below:
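
A pre-change check for the notes in steps 6 and 8, as an added example that is not part of the original document: it compares the two peers' settings sheets and reports mismatches without printing the secret. The field names, the `mgmt_server` and `interoperable` flags and all sample values are assumptions constructed for illustration, not Check Point object fields.

```python
"""Compare two VPN peers' planned settings before pushing policy (added example)."""

# Assumed field names for the Encryption tab values that must agree (step 6).
MUST_MATCH = ("ike_encryption", "ike_integrity", "ipsec_encryption", "ipsec_integrity")


def needs_shared_secret(local, peer):
    """Step 8 note: a secret is required for an interoperable (third-party) device
    or an externally managed gateway; same-management peers rely on the ICA."""
    return peer["interoperable"] or peer["mgmt_server"] != local["mgmt_server"]


def check_peers(local, peer):
    """Return a list of findings; an empty list means the two sheets agree."""
    findings = []
    for key in MUST_MATCH:
        if local[key] != peer[key]:
            findings.append(f"{key}: {local[key]} != {peer[key]}")
    if needs_shared_secret(local, peer):
        a, b = local.get("shared_secret"), peer.get("shared_secret")
        if not a or not b:
            findings.append("shared_secret: missing on one side")
        elif a != b and a.lower() == b.lower():
            # The secret is case-sensitive, so this pair will not authenticate.
            findings.append("shared_secret: differs only by letter case")
        elif a != b:
            findings.append("shared_secret: values differ")
    return findings  # findings never contain the secret itself


# Constructed sample sheets; the peer stands in for a third-party device.
LOCAL = {"name": "corp-eu-amstidc-fw01", "mgmt_server": "mgmt-a", "interoperable": False,
         "ike_encryption": "AES-256", "ike_integrity": "SHA256",
         "ipsec_encryption": "AES-256", "ipsec_integrity": "SHA256",
         "shared_secret": "Example-Secret-1"}
PEER = dict(LOCAL, name="peer-gw", mgmt_server="external", interoperable=True,
            ipsec_integrity="SHA1", shared_secret="example-secret-1")

if __name__ == "__main__":
    for finding in check_peers(LOCAL, PEER):
        print("MISMATCH", finding)
```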
