Traffic Flows

Inbound Traffic

Inbound Traffic Reply

Outbound Traffic

Outbound Traffic Reply

East-West Outbound Traffic

East-West Outbound Traffic Reply

Intra-Subnet Traffic

Traffic travels freely in the subnet without inspection.
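The flow types listed in this section can be told apart from source and destination addresses alone. The following sketch is an added example, not part of the original guide: it classifies flows and picks out the intra-subnet ones that the Gateways do not inspect. The address plan, subnet names, sample flows, and the assumption that the first address of each pair is the connection initiator are all constructed for illustration.

```python
import ipaddress

# Constructed sample address plan (assumption, not taken from the guide).
VNET = ipaddress.ip_network("10.0.0.0/16")
SUBNETS = {
    "web": ipaddress.ip_network("10.0.1.0/24"),
    "app": ipaddress.ip_network("10.0.2.0/24"),
}

def subnet_of(ip):
    """Return the name of the workload subnet that contains ip, or None."""
    addr = ipaddress.ip_address(ip)
    for name, net in SUBNETS.items():
        if addr in net:
            return name
    return None

def classify(src, dst):
    """Map a flow (src = initiator) to a traffic-flow type from this section."""
    s_in = ipaddress.ip_address(src) in VNET
    d_in = ipaddress.ip_address(dst) in VNET
    if not s_in and not d_in:
        return "external"          # never touches the VNet
    if not s_in:
        return "inbound"
    if not d_in:
        return "outbound"
    s_net, d_net = subnet_of(src), subnet_of(dst)
    if s_net is not None and s_net == d_net:
        return "intra-subnet"      # stays in one subnet: not inspected
    return "east-west"

def uninspected(flows):
    """Return the flows that stay inside one subnet and bypass inspection."""
    return [f for f in flows if classify(*f) == "intra-subnet"]

# Constructed sample flows: (initiator IP, destination IP).
SAMPLE_FLOWS = [
    ("203.0.113.7", "10.0.1.10"),
    ("10.0.1.10", "198.51.100.20"),
    ("10.0.1.10", "10.0.2.15"),
    ("10.0.1.10", "10.0.1.11"),
]

if __name__ == "__main__":
    for src, dst in SAMPLE_FLOWS:
        print(f"{src} -> {dst}: {classify(src, dst)}")
```

Run over exported flow records, `uninspected()` lists the host pairs whose traffic never reaches a Gateway.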

Remote Access VPN

  • On each attempt to create a site or connect to the site, the client runs a DNS query to resolve the current active IP addresses and applies load sharing across the resolved IP list.

  • When the client initiates the connection, IKE negotiations take place with the configured Gateway on Azure. After the negotiations finish, a Remote Access tunnel is established.

  • As part of the IKE negotiations, the Gateway assigns the client a special IP address, called the Office Mode IP address. With this assignment, the Gateway can identify the Remote Access client and give it access to the internal resources, as derived from the configured Policy in SmartConsole.

  • The Remote Access client can auto-trust a new VMSS Instance Certificate that was issued by the same Management Server.

  • For more information about how Remote Access works with the Check Point Gateway, see the R80.40 Remote Access VPN Administration Guide.