Configuring SD-WAN Device

To prevent cyberattacks and enforce Check Point access control, traffic from the subnets is tunneled through Check Point Harmony Connect. You must create two IPsec tunnels for redundancy.

After you create the site in Check Point Harmony Connect, you must configure your branch office on this site to route the traffic through Harmony Connect.

Check Point creates the back-end architecture for tunneling the traffic from the branch device to the Internet.

Notes:

  • To enhance service reliability, we recommend that you create and use two tunnels.

  • If you use IPsec tunnels, Check Point provides the tunnel addresses as FQDN domains. VeloCloud only supports configuration of the tunnels as IP addresses, and not as FQDN domains.

    Check Point does not guarantee that the IP addresses behind its FQDN-based tunnels remain static. If you want to preserve the IP addresses behind the tunnels, you must submit an applicable request to Check Point Support. For more information about how to open a support ticket for Harmony Connect, see sk154712.

To configure your branch device:

  1. On the site thumbnail, click the Configure branch device button.

    The Instructions window opens.

  2. From the top field, select your SD-WAN branch office device.

  3. Follow the instructions on the screen to get the IPsec configuration properties, pre-shared key, tunnel addresses, and the traffic routes.

    Note - For VeloCloud, you must get the IP addresses for the tunnels. Use nslookup to find the IP addresses of the two Check Point tunnels.

  4. Click Close.
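
Because VeloCloud stores the tunnel endpoints as IP addresses while Check Point does not guarantee that the addresses behind the FQDNs stay static, it is useful to re-run the nslookup check periodically and compare the result with what is configured on the device. The script below is an added example, not part of the Check Point instructions; the host name and all IP addresses in it are constructed placeholders, and it assumes Unix-style nslookup output.

```shell
#!/bin/sh
# Added example: detect when a tunnel FQDN no longer resolves to the IP
# address configured on the SD-WAN device. Names and IPs are placeholders.

# Constructed sample of Unix-style nslookup output (documentation ranges).
SAMPLE_NSLOOKUP='Server:     192.0.2.53
Address:    192.0.2.53#53

Non-authoritative answer:
Name:   tunnel1.example.invalid
Address: 203.0.113.11
Name:   tunnel1.example.invalid
Address: 203.0.113.10'

# Read nslookup output on stdin and print only the answer addresses.
# The resolver's own "Address:" line comes before the first "Name:" line,
# so it is skipped.
parse_nslookup() {
    awk '/^Name:/ { seen = 1; next }
         seen && /^Address/ { print $NF }' | sort -u
}

# Resolve one FQDN. Kept separate so it can be replaced in tests.
resolve_tunnel() {
    nslookup "$1" 2>/dev/null | parse_nslookup
}

# check_tunnel FQDN CONFIGURED_IP
# Returns 0 if CONFIGURED_IP is still among the answers, 1 on drift,
# 2 if the name did not resolve.
check_tunnel() {
    ct_current=$(resolve_tunnel "$1")
    if [ -z "$ct_current" ]; then
        echo "UNRESOLVED $1"
        return 2
    fi
    if printf '%s\n' "$ct_current" | grep -Fxq -- "$2"; then
        echo "OK $1 -> $2"
        return 0
    fi
    echo "DRIFT $1: configured $2, now resolves to:" $ct_current
    return 1
}

# Offline demonstration on the constructed sample.
printf '%s\n' "$SAMPLE_NSLOOKUP" | parse_nslookup
```

Call check_tunnel once per tunnel with the FQDN shown in the Instructions window and the IP address entered on the VeloCloud side; a DRIFT or UNRESOLVED result on either tunnel means the configured address should be reviewed.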