Creating a New Site

Every site on the Sites page represents the device in your branch office that connects you to the Internet.

You can add, manage and delete the Sites in your organization and view all your site locations.

Example:

To connect a branch office and manage its security, you must create a site that represents this branch office SD-WAN office device, and then route its traffic to the network through Harmony Connect.

To add a new site:

  1. Click the + Add button in the upper row.

    The Create New Site window opens.

  2. Enter this information on the pane General:

    • Name - A name for the Site.

    • Site Address - Physical location of the branch office.

      This field is an option to show your site on the world map.

    • Location of the Cloud Service - Location of the service for this connection. Select from the list of options.

      Best Practice - Harmony Connect inspects traffic from your branch office to the Internet with a cloud service that resides in one of these locations. To achieve the best performance, you typically select the location of the cloud service that is closest to the location of your site. For some countries, most notably South America or the Middle East, the best choice for Location of the cloud service might be presence of a strong cross-country Internet link.

    • Number of users (Estimation) - The expected number of users.

    • Comments - Optional description of the site.

    Example:

  3. Click Next.

  4. Enter this information on the pane Connection Details:

    • Device Type - Select Citrix SD-WAN

      Check Point Harmony Connect applies its cybersecurity features on any traffic from these network addresses.

    • Tunnel Type - Select the Pre-Shared Key for the traffic. Two options are available:

      • IPsec

      • GRE

      Best Practice - Check Point supports both IPsec and GRE tunnel types but strongly recommends to use IPsec for security reasons. See sk157893.

    • External IPs - One or more of the IP address of your branch office site.

      Notes:

      • For the purpose of this guide we refer to Static IP Address for the Site. Sites with dynamic IP are currently not supported with Citrix SD-WAN.

      • Both tunnels are up at all times.

       

      Best Practice - If you have more than one external network interface, use the Add another external IP address option. To secure all the traffic, Check Point recommends to add all your external IP addresses. This option is available for IPsec tunnels.

      Example:

  5. Click Next.

    On the Authentication page you can see the Shared Secret.

    Note - This option is available only if you configure IPsec Type tunnels.

    Example:

  6. Click Next.

    The Internal Subnets pane opens.

  7. On the Internal Subnets pane, enter the IP address of your internal networks in the branch office site.

    Check Point Harmony Connect applies its cybersecurity features on any traffic coming from these network addresses.

  8. Click Next.

    Confirm Site Creation pane opens.

  9. Go to Confirm Site Creation > Finish and Create Site and wait.

    It might take Check Point several minutes to create the site.

    The new site appears in the list of the sites, with the status Generating Site.

    The status changes to Waiting for Traffic when the site is ready.