Configuring VeloCloud on the SD-WAN Device

Configuring VeloCloud Orchestrator

To create an IPsec tunnel:

1. In the SD-WAN VeloCloud Orchestrator, go to Configure > Network Services.

2. Click New to create a new Network Service Branch to a non-SD-WAN destination via Edge:

   

   The Non SD-WAN Destinations via Edge window opens.

   

3. Select the Service Type and click Next.

4. Enter the relevant information and click Save Changes.

   

5. Navigate to Profiles > Device and select Cloud VPN - Branch to Non SD-WAN Destination via Edge:

   

6. Click Save Changes.

Routing the Traffic

To define routes for the traffic from your branch office IPsec tunnels to Check Point Harmony Connect:

1. In Profiles > Business Policy, click New Rule.

   

2. Enter the relevant information to configure the new rule:

   

3. Add two sites that represent tunnels: Navigate to Edges > Device and click Add.

   

4. In the Add Tunnel window, enter all relevant information.

   

5. Click Save Changes.

Testing the VeloCloud Configuration

To test the overall configuration at VeloCloud Orchestrator:

1. Rout the traffic from behind your Site to the internet and test the browsing function.

2. Go to Monitor > Edges.

3. Click the Edge that sends the traffic.

4. Locate your Check Point tunnels and make sure they are up. They must show the amount of traffic sent and received.