Configuring the Site to Site VPN Blade
Quantum Spark 1500, 1600 and 1800 Appliance Series R80.20.25 Locally Managed Administration Guide | 223
In the VPN > Site to Site Blade Control page you can activate the appliance's ability to create VPN
tunnels with remote sites. Site to Site VPN can connect two networks separated by the Internet through a
secure encrypted VPN tunnel. This allows for seamless secure interaction between the two networks within
the same organization even though they are physically distant from each other.
On this page you can activate the blade to allow site to site connectivity. You can view how many sites are
already defined and configure basic access policy from the remote sites into the specific network
accessible by this gateway.
The remote site can be accessible through another Check Point appliance (recommended) or a 3rd party
VPN solution.
Once defined, access to the remote site is determined by the incoming/internal/VPN traffic Rule Base as
seen in the Access Policy > Firewall Policy page. This is due to the fact that the remote site's encryption
domain is considered part of the organization even though traffic to it is technically outgoing to the Internet
(since it is now VPN traffic).
To enable or disable the VPN Site to Site blade:
1. Select On or Off.
2. Click Apply.
Note - When the blade is managed by Cloud Services, a lock icon is shown. You cannot toggle between the
on and off states. If you change other policy settings, the change is temporary. Any changes made locally
will be overridden in the next synchronization between the gateway and Cloud Services.
A warning icon is shown if the blade is active but no VPN sites are defined. Click VPN Sites to add a VPN
site or see how many VPN sites are defined. The full list of the sites is located in VPN > Site to Site VPN Sites.
To configure the default access policy from remote VPN sites:
1. Select or clear the Allow traffic from remote sites (by default) checkbox. It is not recommended to
clear this checkbox, as the remote site is usually part of your organization.
2. Select or clear the Log remote sites traffic (by default) checkbox.
3. Click Apply.
Local Encryption Domain
The local encryption domain defines the internal networks that are accessible by encrypted traffic from
remote sites and networks, and whose traffic to remote sites is encrypted. By default, the local encryption
domain is determined automatically by the appliance. Networks behind LAN interfaces and trusted
wireless networks are part of the local encryption domain. Optionally, you can manually create a local
encryption domain instead. See the VPN > Site to Site Advanced page for instructions.