Check Point

Introduction

This guide will guide you through the steps needed to establish a Site-to-Site VPN tunnel between your Perimeter 81 network and your Barracuda environment.

Breakdown of topics

1. Pre-requisites
2. Configuration Steps
3. Verifying the Setup
4. Troubleshooting
5. Support Contacts

Pre-requisites

To successfully follow this guide, ensure that:

1. You have an active Perimeter 81 account and network.
2. The Perimeter 81 app is installed on your devices.
3. An active Barracuda account with administrative permissions is accessible.

Configuration Steps

Creating a gateway object in the Check Point Smart Console

1. Open the Check Point Smart Console.
2. Go to Security Policies.
3. Add Perimeter 81 Gateway as an object as shown in the image below. Please make sure you have your gateway IP (which can be found in the Network tab in your Management Platform).
   

Creating a VPN Star community

1. Create a new Star Community.

2. Fill in the following information:

• Specify an Object Name of your own choice.
• Add your Perimeter 81 gateway as Center Gateway.
• Add your external Firewall IP as Satellite Gateways.

3. Go to Shared Secret.
4. Add a Shared Secret and write it down as it will also be used in configuring the tunnel at the Management Platform. Please note: Check Point recommends choosing a shared secret that contains at least 20 characters.

5. Go to Encryption and set IKE Security. Note that you'll need to set these exact preferences while configuring the tunnel at the Management Platform.

6. Go to Tunnel Management.
7. Set VPN Tunnel Sharing to One VPN tunnel per Gateway pair.

8. Important: The remote subnets you defined need to match exactly to the remote subnets entered within the Perimeter 81 side (if additional subnets are added, it can cause the tunnels to break from time to time).
9. Select OK.

Additional settings in Check Point Smart Console

1. Under Check Point firewall policy, add a rule for any to any, in and out to 10.255.0.0/16 (this may vary if you did not set the default subnet during Perimeter 81 network creation).
2. Create a Network group with All local networks to be trusted with the VPN tunnels.
   

Adding the Perimeter 81 gateway IP and remote subnet

1. Open the Perimeter 81 object you created.
2. Go to Topology.
3. Select New at the top.
4. Under the General tab, fill in Name, IP Address, and Net Mask.
5. Add Perimeter 81 remote subnet 10.255.0.0 as IP Address.
6. Add "255.255.0.0" as Net Mask.
   
7. Open the Topology tab. Select the Network defined by the interface IP and Net Mask.
   
8. Select OK.
9. Go to Topology.
10. Select New at the top.
11. Under the General tab, fill in Name, IP Address, and Net Mask.
12. Add Perimeter 81 gateway IP xxx.xxx.xxx.xxx as IP Address.
    
13. Add "255.255.255.255" as Net Mask.
14. Open the Topology tab. Select External (leads out to the internet).
15. Select OK.
16. Publish and Install Policy.

Configuring the tunnel in the Management Platform

1. Open your Management Platform and go to the Networks tab.
2. Go to the gateway in your network from which you want to create the tunnel to Check Point, select the three-dotted menu (...) beside it, and select Add Tunnel.
3. Select IPSec Site-2-Site Tunnel and select Continue
4. Select Single Tunnel, and Click Continue.
   
5. Fill in the following information:
   • In the General Settings section, fill in the following information:
6. Name: Choose whatever name you find suitable for the tunnel.
7. Perimeter 81 Gateway Proposal Subnets: Leave Any (0.0.0.0/0) selected here.
8. Remote Gateway Proposal Subnets: Leave Any (0.0.0.0/0) selected here.
9. At the Advanced Settings section, fill in the following information:
   
   • IKE Version: V2
   • IKE Lifetime: 8h
   • Tunnel Lifetime: 1h
   • Dead Peer Detection Delay: 10s
   • Dead Peer Detection Timeout: 30s
   • Encryption(Phase 1): aes256
   • Encryption(Phase 2): aes256
   • Integrity (Phase 1): sha256
   • Integrity (Phase 2): sha256
   • Diffie-Hellman Groups (Phase 1): 14
   • Diffie-Hellman Groups (Phase 2):14
     Please be sure to verify the tunnel settings under section 3 in the configuration
10. On your network select your three dots and click on Routes Table:
11. Click the Add Route button on the top right, then on this popup fill out accordingly (Tunnel will match the name above, and Subnets will be the subnets you want to reach on the AWS side of the tunnel) and click the Add Route button:
12. Be sure to click Apply Configuration when done.
    

Verifying the Setup

After following the above steps, your tunnel should be active.
To verify, go to your Perimeter 81 dashboard, locate the tunnel you just created, and check the tunnel status.
It should indicate that the tunnel is "Up", signifying a successful connection.
Next, connect to your network using the Perimeter 81 agent and attempt to access one of the resources in your environment.

Troubleshooting

If you encounter issues during or after the setup, try reviewing your settings to ensure everything matches the instructions. In particular, check the IP addresses and other details you entered during setup. If issues persist, please consult our dedicated support.

Support Contacts

If you have any difficulties or questions, don't hesitate to contact Perimeter 81's support team. We offer 24/7 chat support on our website at Perimeter81.com, or you can email us at support@perimeter81.com. We're here to assist you and ensure your VPN tunnel setup is a success