Site to Site CheckPoint PaloAlto
Learning outcome
Setting up interfaces
Setting up static route
Setting up IKE Gateway
Setting up encryption settings
Setting up VPN Tunnel
Setting up firewall policies
Scenario: Site-to-Site VPN between Checkpoint 1530 firewall and Palo Alto VM in GNS3

First time configuration for Checkpoint Appliance
Reach the Checkpoint web interface at https://192.168.1.1:4434
Complete the First time configuration wizard.






At this point you will get a DHCP address by connecting the WAN port to the classroom switch, which has internet connectivity.






After completing the first time configuration, you should be able to access the web portal for Checkpoint.

Setting up Site-to-site VPN
Checkpoint
Navigate to VPN > Site to site > VPN Sites > Create a new site
Specify the peer address of the other firewall.
Specify the remote local network under the encryption domain.


Configure the encryption settings and make sure that you use the same settings on the other firewall as well.

Under the Advanced tab, disable the option "Remote gateway is a Checkpoint Security Gateway".

Add a route for the PA remote network going through the Checkpoint WAN IP.

PaloAlto
Configure the interfaces for PaloAlto
| Interfaces  | IP Address      | Zones |
| Ethernet1/1 | DHCP Client     | VPN   |
| Ethernet1/1 | 192.168.10.1/24 | In    |
| Tunnel 1    | -               | VPN   |






Set up your IKE Gateway and make sure the pre-shared key is correct.

Match your settings for IKE Crypto (phase 1) and IPSec Crypto (phase 2) with the ones configured on the Checkpoint.



Set up your IPSec Tunnel


Set up the static route under virtual router > default > static routes > add new

Set up firewall policies from Inside to VPN and vice versa.




After this, commit your configuration on PaloAlto and your VPN tunnel should be up. The tunnel is up on both firewalls now.
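If the tunnel does not come up, the usual cause is a phase 1 / phase 2 proposal or network definition that differs between the two sides. The following check is an added example, not part of the original lab: it compares the values read off each GUI after normalising vendor spellings. Only 192.168.10.1/24 comes from the page; the crypto values, the 192.168.1.0/24 Checkpoint LAN and the spellings of the settings are constructed assumptions.

```python
import ipaddress
import re

# Constructed sample values standing in for what each GUI shows.
CHECKPOINT = {
    "phase1": {"encryption": "AES-256", "hash": "SHA256", "dh_group": "Group 14", "lifetime_s": 86400},
    "phase2": {"encryption": "AES-256", "hash": "SHA256", "pfs_group": "Group 14", "lifetime_s": 3600},
    "local_net": "192.168.1.0/24",     # assumed Checkpoint LAN
    "remote_net": "192.168.10.0/24",   # encryption domain for the remote site
}
PALOALTO = {
    "phase1": {"encryption": "aes-256-cbc", "hash": "sha256", "dh_group": "group14", "lifetime_s": 28800},
    "phase2": {"encryption": "aes-256-cbc", "hash": "sha256", "pfs_group": "group14", "lifetime_s": 3600},
    "local_net": "192.168.10.1/24",    # inside interface address from the page
    "remote_route": "192.168.1.0/24",  # static route pointing into the tunnel
}

def norm(field, value):
    """Reduce vendor spellings of one setting to a comparable form."""
    text = str(value).lower()
    if field in ("dh_group", "pfs_group"):
        match = re.search(r"\d+", text)
        return int(match.group()) if match else text  # e.g. "no-pfs" stays text
    if field == "lifetime_s":
        return int(value)
    text = re.sub(r"[\s_-]", "", text)                # "AES-256" -> "aes256"
    return re.sub(r"cbc$", "", text)                  # "aes-256-cbc" -> "aes256"

def net(cidr):
    # strict=False lets an interface address stand for its subnet
    return ipaddress.ip_network(cidr, strict=False)

def compare(cp, pa):
    """Return a list of readable mismatches between the two peers."""
    problems = []
    for phase in ("phase1", "phase2"):
        for field in sorted(set(cp[phase]) | set(pa[phase])):
            a, b = cp[phase].get(field), pa[phase].get(field)
            if a is None or b is None or norm(field, a) != norm(field, b):
                problems.append(f"{phase}.{field}: Checkpoint={a!r} PaloAlto={b!r}")
    if net(cp["remote_net"]) != net(pa["local_net"]):
        problems.append("Checkpoint encryption domain does not match PaloAlto inside network")
    if net(pa["remote_route"]) != net(cp["local_net"]):
        problems.append("PaloAlto static route does not match Checkpoint local network")
    return problems

if __name__ == "__main__":
    for line in compare(CHECKPOINT, PALOALTO):
        print(line)
```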


Successful pings from both private networks:


Team
Harshdeep Khurana
Umair Abdullah
Lauren Leam
Shahzaib Hussain
Sik Yue Law