Site-to-Site Checkpoint to Checkpoint

Learning Outcomes

  • How to connect 2 checkpoint firewalls together with site-to-site VPN

  • How to configure site-to-site VPN

  • Troubleshooting site-to-site VPN

Diagram of the Network

Table of IP addresses

Device Name                    IP Addresses
Checkpoint Gateway Group-6.1   WAN (DHCP) = 142.232.197.205, LAN = 192.168.3.1/24
Checkpoint Gateway Group-6.2   WAN (DHCP) = 142.232.197.206, LAN = 192.168.2.1/24
PC1                            192.168.3.11
PC2                            192.168.2.11

Introduction

The subject we are working on is how to set up a site-to-site VPN between two Check Point devices so that the hosts behind them can connect to and ping each other. This concept is relevant to many real-world scenarios: many companies have to use the Internet as the path between their sites, but traffic crossing the Internet is exposed to attackers who may try to read or manipulate data in transit. The usual way to close this gap is a Virtual Private Network (VPN) between the two firewall devices, which encrypts the business-to-business traffic as it crosses the Internet.

Steps

  1. Take the Check Point device out of the box, plug in the power cable, and connect its “WAN” port to the Internet via a router. Then connect your laptop to “Port1” and in a web browser enter: https://192.168.1.1:4434. The default username and password are both admin; change them later as a best practice.

  2. After logging into the Check Point console, do the basic first-time setup. Make sure to test Internet connectivity with the “connect” button.

  3. After completion you will be brought to the Check Point UI. Go to Device > Internet to check that the device got a public IP address. (It should be green, don’t mind the screenshot!)

  4. Then go to Device > Local Network > LAN Switch1 and change the network address to the one you want to use for your clients (such as 192.168.2.0/24 and 192.168.3.0/24).

  5. To create the Site-to-Site VPN, go to VPN > VPN Sites > “+ New” and then specify the following:

  • A Site Name; make it meaningful.

  • The “Connection Type” should be set to hostname or IP Address.

  • For “IP Address”, specify the public WAN IP address of the other Check Point device.

  • Create a Pre-Shared Secret; it must be the same password on both devices.

  • At the bottom click “+ New” and specify the remote network you want to access, which is the private LAN of the other Check Point device you want to reach.

  6. If the VPN Site was set up correctly, then Devices > VPN Tunnel should show a functional, active VPN that has been created and is in use.

  7. Verify connectivity by pinging the PCs on both LANs to prove that the VPN is fully functional. Now the VPN should be up and providing a secure, private connection.
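Most failures in step 6 and step 7 come down to the two VPN Site entries not mirroring each other: the peer IP must be the other side's WAN address, the remote network must be the other side's LAN, the pre-shared secret must match, and the two LANs must not overlap. The following Python checker is an added example, not part of the original lab page or of any Check Point tool; it models both gateways from the IP table above (with a placeholder secret) and reports each mismatch, and also tells you whether a given ping would be sent through the tunnel at all.

```python
from ipaddress import ip_address, ip_network

# Constructed sample: the two lab gateways from the IP table above.
# Each "vpn_site" is that gateway's VPN > VPN Sites entry pointing at its peer.
# The pre-shared secret is a placeholder, not a real lab value.
GATEWAYS = {
    "Group-6.1": {
        "wan": "142.232.197.205", "lan": "192.168.3.0/24",
        "vpn_site": {"peer_ip": "142.232.197.206", "psk": "PLACEHOLDER-SECRET",
                     "remote_networks": ["192.168.2.0/24"]},
    },
    "Group-6.2": {
        "wan": "142.232.197.206", "lan": "192.168.2.0/24",
        "vpn_site": {"peer_ip": "142.232.197.205", "psk": "PLACEHOLDER-SECRET",
                     "remote_networks": ["192.168.3.0/24"]},
    },
}


def check_pair(gateways, a, b):
    """Return a list of mismatch descriptions; an empty list means consistent."""
    problems = []
    ga, gb = gateways[a], gateways[b]
    # Each side's VPN Site must point at the other side's WAN IP and LAN.
    for name, local, remote in ((a, ga, gb), (b, gb, ga)):
        site = local["vpn_site"]
        if ip_address(site["peer_ip"]) != ip_address(remote["wan"]):
            problems.append(f"{name}: peer IP {site['peer_ip']} is not the "
                            f"other side's WAN address {remote['wan']}")
        wanted = {ip_network(n) for n in site["remote_networks"]}
        if ip_network(remote["lan"]) not in wanted:
            problems.append(f"{name}: remote networks do not include the "
                            f"peer LAN {remote['lan']}")
    # The pre-shared secret must be identical on both devices.
    if ga["vpn_site"]["psk"] != gb["vpn_site"]["psk"]:
        problems.append("pre-shared secret differs between the two sites")
    # Overlapping LANs mean traffic is delivered locally, never into the tunnel.
    if ip_network(ga["lan"]).overlaps(ip_network(gb["lan"])):
        problems.append(f"LANs {ga['lan']} and {gb['lan']} overlap")
    return problems


def tunnel_carries(gateways, name, src, dst):
    """True if a packet src -> dst from behind `name` is routed into its VPN."""
    gw = gateways[name]
    in_local = ip_address(src) in ip_network(gw["lan"])
    to_remote = any(ip_address(dst) in ip_network(n)
                    for n in gw["vpn_site"]["remote_networks"])
    return in_local and to_remote
```

Run check_pair(GATEWAYS, "Group-6.1", "Group-6.2") before testing the ping in step 7; an empty list means the two VPN Site entries agree with each other.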

Resources

Team:

  • Brian

  • Brice

  • Jeremiah

  • Ranger

  • Raymond
