Site-to-Site VPN

In a nutshell

All users on the network are unaware of the VPN connection between the two Gateways

Check Point Site-to-Site VPN

Two options for VPN topologies

Hub and Spoke:

Full Mesh:

IPSec VPN Solution

The Security Gateway uses the IPsec suite to encrypt and decrypt traffic to and from other Security Gateways. The protocols must match between the SGWs

Internet Key Exchange (IKE)

IKE and Deffie-hellman are used for the key exchange (public keys); IKEv1 is the default version, Check Point Remote VPNs can only use this version.

VPN Phases

Phase 1
- Establish a Control Tunnel between the two SGWs
- Protocols must match on both ends
- This is initiated using certificates or a PSK
Phase 2
- Establish the Data Tunnel between the two SGWs
- Again protocols must match on both ends

VPN Communities

VPN Considerations

VPN Creation Workflow

Practice Questions

PreviousSecurity Elevation NextMonitoring Operations

Last updated 11 months ago

Was this helpful?