VeloCloud Version 4.0 and Higher

As we do not know the gateway IP address before we start the configuration, we must first create a Harmony Connect site with a placeholder IP address to be replaced later.

Configuring VeloCloud Orchestrator

To create an IPsec tunnel:

  1. In the SD-WAN VeloCloud Orchestrator, go to Configure > Network Services.

  2. Click New to create a new Network Service Branch to a non SD-WAN destination via a gateway.

    The New Non SD-WAN Destination via Gateway window opens.

  3. Enter the tunnel IP address and click Next.

  4. Enter all relevant information for the IKE/IPSEC template and click View IKE/IPSEC Template.

Updating the IP address at Check Point Infinity Portal

As noted previously, we only know the external IP address after we complete the configuration with VeloCloud. Therefore, we now replace the IP address we used as a placeholder.

To update the IP address:

  1. Search for the SD-WAN Gateway IP address.

  2. Replace the SD-WAN gateway IP with the IP address you configured on the Infinity Portal.

  3. On Profiles > Device, enable Cloud VPN.

  4. Click Save Changes.

Routing Traffic through the Check Point Harmony Connect IPsec Tunnels

To define routes for the traffic from your branch office IPsec tunnels to Check Point Harmony Connect:

  1. In Profiles > Business Policy, click New Rule.

    The Configure Rule window opens.

  2. Enter the relevant information to configure the new rule.

  3. Click OK.

  4. In Edges > Device, make sure that Cloud VPN is on.

  5. Click Save Changes.

Testing the VeloCloud Configuration

To test the overall configuration at VeloCloud Orchestrator:

  1. Route the traffic from behind your Site to the internet and test the browsing function.

  2. Go to Monitor > Edges.

  3. Click the Edge that sends the traffic.

  4. Locate your Check Point tunnels and make sure they are up. They must show the amount of traffic sent and received.