The following procedure demonstrates how to configure Perimeter 81 on a Check Point firewall using the Check Point Smart Console. Replace the example values with your actual values, which can be found in your Perimeter 81 Management Platform. Before you start, make sure you have your gateway IP. Please follow the steps below:
Creating a gateway object at the Check Point Smart Console
2. Go to Security Policies.
3. Add Perimeter 81 Gateway as an object as shown in the screenshot below. Please make sure you have your gateway IP (which can be found in the Network tab in your Perimeter 81 Management Platform).
Creating a VPN Star community
1. Create a new Star Community.
2. Fill in the following information.
- Specify an Object Name of your own choice
- Add your Perimeter 81 gateway as Center Gateway
- Add your external Firewall IP as Satellite Gateways
3. Go to Shared Secret.
4. Add a Shared Secret and make sure to write it down, as it will also be used when configuring the tunnel at the Perimeter 81 Management Platform. Please note: Check Point recommends choosing a shared secret that contains at least 20 characters.
5. Go to Encryption and set IKE Security. Note that you'll need to set these exact preferences while configuring the tunnel at the Perimeter 81 Management Platform.
6. Go to Tunnel Management.
7. Set VPN Tunnel Sharing to One VPN tunnel per Gateway pair.
8. Important: The remote subnets you defined must exactly match the remote subnets entered on the Perimeter 81 side (if additional subnets are added, it can cause the tunnels to break from time to time).
9. Select OK.
Additional settings at the Check Point Smart Console
1. Under Check Point firewall policy, add a rule for any to any, in and out to 10.255.0.0/16 (this may vary if you did not set the default subnet during Perimeter 81 network creation).
2. Create a network group containing all local networks to be trusted with the VPN tunnels.
Adding the Perimeter 81 gateway IP and remote subnet
1. Open the Perimeter 81 object you created.
2. Go to Topology.
3. Select New at the top.
4. Under the General tab, fill in Name, IP Address, and Net Mask.
5. Add Perimeter 81 remote subnet 10.255.0.0 as IP Address.
6. Add "255.255.0.0" as Net Mask.
7. Open the Topology tab. Select Network defined by the interface IP and Net Mask.
8. Select OK.
9. Go to Topology.
10. Select New at the top.
11. Under the General tab, fill in Name, IP Address and Net Mask.
12. Add Perimeter 81 gateway IP xxx.xxx.xxx.xxx as IP Address.
13. Add "255.255.255.255" as Net Mask.
14. Open the Topology tab. Select External (leads out to the internet).
15. Select OK.
16. Publish and Install Policy.
Configure the tunnel at the Perimeter 81 Management Platform
1. Open your Perimeter 81 Management Platform and go to the Network tab.
2. Go to the gateway in your network from which you want to create the tunnel to Azure, select the three-dotted menu (...) beside it and select Add Tunnel.
3. Select IPSec Site-2-Site Tunnel and select Continue.
4. Fill in the following information:
- Name: Choose an indicative name
- Shared Secret: Enter the same Shared Secret you set in the Check Point interface
- Public IP: Enter the Check Point public IP
- Remote ID: Enter the Check Point public IP
- Perimeter 81 Gateway Proposal Subnets: Select any or specify according to your needs
- Remote Gateway Proposal Subnets: Enter the Check Point internal subnet(s)
- Fill in the Advanced Settings parameters according to your Check Point settings
5. Select Add Tunnel.
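The shared secret, IKE preferences and subnets must be entered identically on both sides, so the values can be compared before the tunnel is brought up. The script below is an added example, not Check Point or Perimeter 81 code: it generates a shared secret of at least 20 characters and reports mismatches, treating netmask and prefix notation as equal. The dictionary field names and all sample values (IKE parameters, 192.168.x.x subnets) are constructed assumptions.

```python
import ipaddress
import secrets
import string

MIN_SECRET_LEN = 20  # minimum length Check Point recommends for the shared secret
IKE_KEYS = ("ike_version", "encryption", "integrity", "dh_group")  # assumed field names

def generate_shared_secret(length=32):
    """Return a random alphanumeric shared secret drawn from the OS CSPRNG."""
    if length < MIN_SECRET_LEN:
        raise ValueError(f"use at least {MIN_SECRET_LEN} characters")
    alphabet = string.ascii_letters + string.digits
    return "".join(secrets.choice(alphabet) for _ in range(length))

def networks(subnets):
    """Parse 'net/prefix' or 'net/netmask' strings; rejects entries with host bits set."""
    return {ipaddress.ip_network(s, strict=True) for s in subnets}

def compare_sides(checkpoint, perimeter81):
    """Return a list of mismatches between the settings entered on each side."""
    problems = []
    if checkpoint["shared_secret"] != perimeter81["shared_secret"]:
        problems.append("shared secret differs")
    if len(checkpoint["shared_secret"]) < MIN_SECRET_LEN:
        problems.append(f"shared secret shorter than {MIN_SECRET_LEN} characters")
    for key in IKE_KEYS:
        if checkpoint[key] != perimeter81[key]:
            problems.append(f"{key}: {checkpoint[key]!r} != {perimeter81[key]!r}")
    # Each side's "remote" subnets must equal the other side's "local" subnets.
    for cp_key, p81_key in (("remote_subnets", "local_subnets"),
                            ("local_subnets", "remote_subnets")):
        cp, p81 = networks(checkpoint[cp_key]), networks(perimeter81[p81_key])
        if cp != p81:
            extra = sorted(str(n) for n in cp ^ p81)
            problems.append(f"Check Point {cp_key} vs Perimeter 81 {p81_key}: {extra}")
    return problems

# Constructed sample values; replace with what you entered on each side.
SECRET = generate_shared_secret()
CHECKPOINT = {"shared_secret": SECRET, "ike_version": 2, "encryption": "AES-256",
              "integrity": "SHA256", "dh_group": 14,
              "local_subnets": ["192.168.10.0/24"],
              "remote_subnets": ["10.255.0.0/255.255.0.0"]}
PERIMETER81 = dict(CHECKPOINT, local_subnets=["10.255.0.0/16"],
                   remote_subnets=["192.168.10.0/24", "192.168.20.0/24"])

if __name__ == "__main__":
    for problem in compare_sides(CHECKPOINT, PERIMETER81):
        print("MISMATCH:", problem)
```

With the sample values, the extra 192.168.20.0/24 entry on the Perimeter 81 side is the only mismatch reported.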