Configuring Perimeter 81 Site-To-Site with Check Point Firewall


The following procedure demonstrates how to configure Perimeter 81 on a Check Point firewall using the Check Point Smart Console. Replace the example values with your actual values, which can be found in your Perimeter 81 management platform. Before you start, make sure you have your gateway IP

 

1. Creating a gateway object at the Check Point Smart Console

  1. Open the Check Point Smart Console.
  2. Go to Security Policies.
  3. Add Perimeter 81 Gateway as an object as shown in the screenshot below. Please make sure you have your gateway IP (can be found in the network tab in your Perimeter 81 Management Platform).
 

2. Creating a VPN Star community

  1. Create a new Star Community.
  2. Specify an Object Name of your own choice.
  3. Add your Perimeter 81 gateway as Center Gateway.
  4. Add your external Firewall IP as Satellite Gateways.
  5. Go to Shared Secret.
  6. Add a Shared Secret and make sure to write it down, as it will also be used when configuring the tunnel at the Perimeter 81 Management Platform.
  7. Go to Encryption and set IKE Security. Note that you'll need to set these exact preferences while configuring the tunnel at the Perimeter 81 Management Platform.
  8. Go to Tunnel Management.
  9. Set VPN Tunnel Sharing to One VPN tunnel per Gateway pair.
  10. Press OK. 

3. Additional setting at the Check Point Smart Console

  1. Under the Check Point firewall policy, add a rule for any to any, in and out, to 10.255.0.0/16 (this may vary if you did not set the default subnet during Perimeter 81 network creation).
  2. Create a Network group containing all local networks to be trusted with the VPN tunnels.
 

4. Adding the Perimeter 81 gateway IP and remote subnet

  1. Open the Perimeter 81 object you created.
  2. Go to Topology.
  3. Click New at the top.
  4. Under the General tab, fill in Name, IP Address and Net Mask.
  5. Add Perimeter 81 remote subnet 10.255.0.0 as IP Address.
  6. Add 255.255.0.0 as Net Mask.
  7. Open the Topology tab. Choose Network defined by the interface IP and Net Mask.
  8. Click OK.
  9. Go to Topology.
  10. Click New at the top.
  11. Under the General tab, fill in Name, IP Address and Net Mask.
  12. Add Perimeter 81 gateway IP xxx.xxx.xxx.xxx as IP Address.
  13. Add 255.255.255.255 as Net Mask.
  14. Open the Topology tab. Choose External (leads out to the internet).
  15. Click OK.
  16. Publish and Install Policy.

5. Configure the tunnel at the Perimeter 81 Management Platform

    1. Open your Perimeter 81 Management Platform and go to the Network tab.


    2. Go to the gateway in your network from which you want to create the tunnel to the Check Point firewall, click the 3 dots beside it and press Add Tunnel.

    3. Choose IPSec Site-2-Site Tunnel and click Continue.
    4. Fill in the fields according to the following:
      • Name: Choose an indicative name of your own choice.
      • Shared Secret: Enter the same Shared secret you set in the Check Point Interface.
      • Public IP: Enter the Check Point public IP.
      • Remote ID: Enter the Check Point public IP.
      • Perimeter 81 Gateway Proposal Subnets: Choose any, or specify subnets according to your needs.
      • Remote Gateway Proposal Subnets: Enter the Check Point internal subnet(s).
      • Fill in the Advanced Settings parameters according to your Check Point settings.
    5. Click Add Tunnel.
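
The procedure above only works if the values entered on the Check Point side and on the Perimeter 81 side agree. The following pre-flight check is an added example, not part of the original article or of either vendor's tooling; every field name, the minimum secret length and all sample values are constructed assumptions that you fill in by hand from your own plan.

```python
import ipaddress

# Field names and sample values are constructed for this example; they are
# not an export format of Check Point or Perimeter 81.
MUST_MATCH = ("ike_version", "encryption", "integrity", "dh_group", "shared_secret")
MIN_SECRET_LEN = 20  # assumed local policy, not a vendor requirement

def preflight(cp, p81):
    """Return a list of problems in the planned tunnel; empty means consistent."""
    problems = []
    # Section 2: both sides need the same secret and the exact same IKE settings.
    for key in MUST_MATCH:
        if cp[key] != p81[key]:
            problems.append(f"mismatch: {key}")  # name the field, never echo the secret
    if len(cp["shared_secret"]) < MIN_SECRET_LEN:
        problems.append("shared secret too short")
    # Section 5: Public IP and Remote ID are both the Check Point public IP.
    for field in ("public_ip", "remote_id"):
        if ipaddress.ip_address(p81[field]) != ipaddress.ip_address(cp["public_ip"]):
            problems.append(f"{field} is not the Check Point public IP")
    # Section 4: Perimeter 81 remote subnet as entered in the object's topology.
    remote = ipaddress.ip_network(f"{cp['p81_subnet']}/{cp['p81_mask']}")
    local = [ipaddress.ip_network(n) for n in cp["local_networks"]]
    for net in local:
        if net.overlaps(remote):  # overlapping ranges cannot be routed through the tunnel
            problems.append(f"local network {net} overlaps {remote}")
    # Section 5: Remote Gateway Proposal Subnets are the Check Point internal subnets.
    if {ipaddress.ip_network(n) for n in p81["remote_subnets"]} != set(local):
        problems.append("remote proposal subnets differ from local networks")
    return problems

# Constructed sample plan (documentation address ranges, placeholder secret).
IKE = {"ike_version": "IKEv2", "encryption": "AES-256", "integrity": "SHA-256",
       "dh_group": 14, "shared_secret": "constructed-example-secret-0001"}
SAMPLE_CP = dict(IKE, public_ip="203.0.113.10", p81_subnet="10.255.0.0",
                 p81_mask="255.255.0.0", local_networks=["192.168.10.0/24"])
SAMPLE_P81 = dict(IKE, public_ip="203.0.113.10", remote_id="203.0.113.10",
                  remote_subnets=["192.168.10.0/24"])

if __name__ == "__main__":
    print(preflight(SAMPLE_CP, SAMPLE_P81) or "consistent")
```

Run it before Publish and Install Policy; an empty result means the two planned definitions agree with each other, not that the tunnel is up.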