General Information

About this Guide

This guide explains how to configure IPsec tunnels and service chain traffic from a device by VMWare SD-WAN (VeloCloud) SD-WAN device to Check Point CloudGuard Connect.

These instructions refer to VeloCloud Orchestrator of version 3.2.2 and later.

About VeloCloud SD-WAN

SD-WAN by VeloCloud provides automatic deployment and improved performance over private, broadband Internet and LTE links for enterprises and service providers.

SD-WAN by VeloCloud is based on SDN and flexible. It addresses end-to-end automation, application continuity, branch transformation, and security from the data center to cloud to the edge.

VeloCloud Architecture Overview:

Components and Moving Parts



VeloCloud edge

An appliance installed in customer's environment.


A Gateway unit located in one of the VeloCloud data centers. It is used as a gateway between the edge device and the internet / WAN.

VeloCloud's Orchestrator

A Management Server that manages all aspects of configuration, monitoring, and all other aspects of the edge devices.

Check Point Infinity Portal

This guide covers the use case when your branch offices are protected with Check Point through this topology:

LAN > VeloCloud Edge > VeloCloud Gateway > CloudGuard Connect > Internet.

About Check Point CloudGuard Connect

Check PointCloudGuard Connect is a cloud security platform that provides Check Point latest threat prevention and access control for branch offices. Companies can connect their present routing equipment or SD-WAN device to CloudGuard Connect without other dedicated hardware by Check Point. CloudGuard Connect is a full software-as-a-service solution that needs no customer maintenance.

Check Point security product line includes: preventing known attacks using reputation services, signatures and bot communication prevention, preventing unknown attacks using cloud-based sandboxing, an Access Control Policy including Content Awareness, HTTPS Inspection and Application Control, and a web-based management for security events and log monitoring, policy, and site configuration.

For more information see CloudGuard Connect Administration Guide.