Platform: https://racks.uninets.com
Lab Name: Checkpoint
Task
Site to site VPN overview
Create a new Security Gateway with the hostname Branch-firewall. Give it an IP address of 172.11.5.1 and set the eth1 interface to 172.11.6.1. Integrate it with the Security Management (SM) server.
Create a VPN tunnel between the firewalls using shared secret key authentication. Use a star-type VPN community and a peer IP: Branch_SG will be 172.11.2.1. Interesting traffic will be the same.
Explanation
The IPsec VPN Software Blade encrypts and decrypts traffic between external networks. Clients use SmartDashboard to configure VPN connections between Security Gateways.
Authentication:- Uses standard authentication methods such as pre-shared secret or certificate based.
Privacy:- All VPN data is encrypted.
Integrity:- Uses industry-standard integrity assurance methods.
IKE and IPsec
These secure VPN protocols are used by Check Point VPN to manage encryption keys and send encrypted packets. IKE (Internet Key Exchange) is a standard key management protocol used to create VPN tunnels. The IPsec protocol provides secure IP communication that is authenticated and encrypted, over either private or public networks.
Site to site VPN:-
The encrypted VPN tunnel is the foundation of site-to-site VPN. Two Security Gateways create a VPN tunnel by establishing a link between them. Each tunnel can carry more than one VPN connection.

VPN Communities:- A VPN domain is a group of internal networks that use Security Gateways to send and receive information. A VPN community is made up of VPN tunnels and their associated attributes. VPN domains can communicate securely through VPN tunnels that terminate at the Security Gateways of the VPN community. VPN communities are based on star and mesh topologies. In a mesh community, there is a VPN tunnel connecting each pair of Security Gateways.
Routing VPN traffic:- Configure the Security Gateways so that VPN traffic is routed based either on VPN domains or on the routing settings of the operating system.
Each VPN gateway must be configured as a default gateway. You must make an existing gateway your default gateway.
Domain-based VPN:- VPN traffic is routed according to the VPN domains. This allows satellite Security Gateways to send VPN traffic to each other: the center Security Gateway creates a VPN tunnel to each satellite and routes the traffic to the correct VPN domain.
Route-based VPN:- VPN traffic is routed according to the routing settings (static or dynamic) of the Security Gateway operating system. The Security Gateway uses a VTI (virtual tunnel interface) to send VPN traffic as though it were a physical connection.
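As an added illustration (not part of the lab write-up), the following Python models the domain-based routing decision described above, for a star community and, as a generalisation, a mesh community. The VPN domains behind each gateway and the second satellite (Satellite-2, 172.11.3.1) are assumed values chosen for the example; only Branch-firewall and Branch_SG come from the task.

```python
import ipaddress
from dataclasses import dataclass


@dataclass
class Gateway:
    name: str
    external_ip: str   # peer IP that terminates the IKE/IPsec tunnel
    vpn_domain: list   # encryption domain: internal networks behind it


# Constructed example community (assumed topology, not the lab's real config).
CENTER = Gateway("Branch-firewall", "172.11.5.1", ["172.11.6.0/24"])
SATELLITES = [
    Gateway("Branch_SG", "172.11.2.1", ["10.20.0.0/16"]),    # assumed domain
    Gateway("Satellite-2", "172.11.3.1", ["10.30.0.0/16"]),  # assumed peer
]
MEMBERS = [CENTER] + SATELLITES


def owning_gateway(host):
    """Return the community member whose VPN domain contains host, or None."""
    addr = ipaddress.ip_address(host)
    for gw in MEMBERS:
        if any(addr in ipaddress.ip_network(net) for net in gw.vpn_domain):
            return gw
    return None


def vpn_path(src, dst, topology="star"):
    """Domain-based routing decision: which tunnel(s) carry src -> dst?
    Returns a list of (encrypting gateway, decrypting gateway) hops, or []
    when the packet is not 'interesting traffic' (it is not between two
    different VPN domains), so it stays local or leaves in the clear."""
    s, d = owning_gateway(src), owning_gateway(dst)
    if s is None or d is None or s is d:
        return []
    if topology == "mesh" or s is CENTER or d is CENTER:
        return [(s.name, d.name)]   # direct tunnel between the pair
    # Star: satellites have no tunnel to each other; the center terminates
    # one tunnel per satellite and forwards between the two VPN domains.
    return [(s.name, CENTER.name), (CENTER.name, d.name)]


if __name__ == "__main__":
    for src, dst in [("10.20.1.5", "172.11.6.10"), ("10.20.1.5", "10.30.2.2"),
                     ("10.20.1.5", "198.51.100.7")]:
        print(src, "->", dst, vpn_path(src, dst))
```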
Configuration
Now we can access the GUI of the SG management interface IP address with username admin [email protected]. Open any browser and type https://172.11.5.1 to enter the credentials.

Click on Login

Click on next to continue.

Click on next to continue.

Here you can change the IP address of your interface. You can also provide a default gateway. Click on next.

We can modify the hostname and provide a domain name, primary DNS and secondary DNS. All of these details are optional, so they are not configured now. Here we need to configure the time zone and time for the device. There are two methods to do this: manually or through NTP. However, we don't have an NTP server, so we choose the manual method. Click on next.

Now we configure what our OS will run. There are two options. One is to act as a Security Gateway or Security Management; the other is Multi-Domain Server, which is used to manage multiple Security Management servers. However, we only have one Security Management.