Encryption Domains

Example architecture setups of an encryption domain.

Scenario 1: Dedicated Encryption Domain

| # | Component | Connects To |
|---|-----------|-------------|
| 1 | Gateway of Site 1 | • Gateway of Site 2 in site-to-site VPN |
|   |                   | • Endpoint Security VPN, as their VPN gateway |
| 2 | Gateway of Site 2 | Gateway of Site 1 in site-to-site VPN |
| 3 | Servers in Remote Access Encryption Domain | Servers in the Encryption Domain of Site 2 |
| 4 | Servers in Remote Access Encryption Domain | Servers in the Encryption Domain of Site 1 |
| 5 | Endpoint Security VPN | • Gateway of Site 1 through encrypted VPN |
|   |                       | • Permitted servers (3) |
|   |                       | • Note - Cannot connect to denied servers (4) |

Scenario 2: Access to External Encryption Domain

| # | Component | Connects To |
|---|-----------|-------------|
| 1 | Gateway of Site 1 | • Gateway of Site 2 in site-to-site VPN |
|   |                   | • Endpoint Security VPN, as their VPN gateway |
|   |                   | • Relays clients to servers in other site's encryption domain (4) through VPN |
| 2 | Gateway of Site 2 | Gateway of Site 1 in site-to-site VPN |
| 3 | Servers in Remote Access Encryption Domain | Servers in the Encryption Domain of Site 2 |
| 4 | Servers in Remote Access Encryption Domain | Servers in the Encryption Domain of Site 1 |
| 5 | Endpoint Security VPN | • Gateway of Site 1 through encrypted VPN |
|   |                       | • Permitted servers (3 and 4) |
|   |                       | Note - Clients can reach servers of two sites with one authentication session, and their activity in both sites is logged |
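
The two scenarios can be compared as a reachability check. The following is an added example, not vendor code or product configuration: it is a simplified model in which the Remote Access encryption domain on the Gateway of Site 1 is a list of networks. The subnets, function names and result strings are constructed, and it assumes servers (3) sit behind Site 1 and servers (4) behind Site 2, as the relay row in Scenario 2 implies.

```python
import ipaddress

# Constructed addressing (assumption): (3) behind Site 1, (4) behind Site 2.
SITE1_SERVERS = ipaddress.ip_network("10.1.0.0/24")  # component 3
SITE2_SERVERS = ipaddress.ip_network("10.2.0.0/24")  # component 4

# Remote Access encryption domain on the Gateway of Site 1, per scenario.
RA_DOMAIN = {
    "scenario1": [SITE1_SERVERS],                 # dedicated domain
    "scenario2": [SITE1_SERVERS, SITE2_SERVERS],  # also covers the external domain
}
# Networks the Gateway of Site 1 reaches through the site-to-site tunnel.
SITE2_ENC_DOMAIN = [SITE2_SERVERS]


def _contains(networks, addr):
    """True if addr falls inside any of the given networks."""
    return any(addr in net for net in networks)


def client_path(scenario, destination):
    """How an Endpoint Security VPN client (5) reaches a destination."""
    addr = ipaddress.ip_address(destination)
    if not _contains(RA_DOMAIN[scenario], addr):
        return "not-in-ra-domain"        # Scenario 1: servers (4) land here
    if _contains(SITE2_ENC_DOMAIN, addr):
        return "relay-via-site-to-site"  # Gateway 1 relays to Site 2
    return "direct-via-gw1"


def audit(scenario, destinations):
    """Map each destination to the path a client would take."""
    return {d: client_path(scenario, d) for d in destinations}


def exposure_delta(destinations):
    """Destinations whose reachability changes from Scenario 1 to Scenario 2."""
    before = audit("scenario1", destinations)
    after = audit("scenario2", destinations)
    return {d: (before[d], after[d]) for d in destinations
            if before[d] != after[d]}


if __name__ == "__main__":
    sample = ["10.1.0.10", "10.2.0.10", "192.0.2.5"]  # constructed hosts
    for dest, change in exposure_delta(sample).items():
        print(dest, "->", change)
```

Running `exposure_delta` over an inventory of server addresses before widening a Remote Access encryption domain lists exactly which hosts become reachable to clients through the relay.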