Check Point Firewall

To create a Gateway Object in the Check Point SmartConsole:

Note - Refer to the SmartConsole Help wherever necessary to complete the procedure.

  1. Log in to the Check Point SmartConsole.

  2. Click Security Policies.

  3. On the top right, click New and select More > Network Object > More > Interoperable Device.

    The Interoperable Device window appears.

  4. In the Name field, enter a name for the Harmony SASE gateway.

  5. In the IPv4 Address field, enter the Harmony SASE gateway public IP address.

  6. Click OK.

  7. Under Access Control, click VPN Communities.

  8. Click New and select Star Community.

    The New Star Community window appears.

  9. In the Enter Object Name field, enter an object name.

  10. Under Center Gateways, click and add the Harmony SASE gateway.

  11. Under Satellite Gateways, click and add the Check Point Firewall.

  12. Click Shared Secret and add a shared secret. Make a note of it as it is used while configuring the tunnel in the Harmony SASE Administrator Portal.

    Note - Check Point recommends that the shared secret key is at least 20 characters in length.

  13. Click Encryption:

    Field                                 Enter

    Encryption Method                     IKEv2 only
                                          Custom encryption suite

    IKE Security Association (Phase 1)
    Encryption Algorithm                  AES-256
    Data Integrity                        SHA256
    Diffie Hellman group                  Group 14 (2048 bit)

    IKE Security Association (Phase 2)
    Encryption Algorithm                  AES-256
    Data Integrity                        SHA256

    More - IKE Security Association (Phase 2)
    Use Perfect Forward Secrecy
    Diffie Hellman group                  Group 14 (2048 bit)

  14. Click Tunnel Management and under VPN Tunnel Sharing, select One VPN tunnel per Gateway pair.

  15. Click OK.

    Important - Make sure that you enter the remote subnets specified here in the Harmony SASE Administrator Portal. A mismatch can disconnect the tunnel.

  16. Under Check Point Firewall policy, add a rule for any to any, in and out, to 10.255.0.0/16, depending on whether you have set the default subnet in the Harmony SASE network.

  17. Create a network group with all local networks to be trusted with the VPN tunnels.

  18. Open the network object that you created.

  19. Click Topology > New.

  20. In the General tab:

    Field         Enter

    Name          Name for the topology.
    IP Address    10.255.0.0
    Net Mask      255.255.0.0

  21. In the Topology tab, select Internal (leads to the local network) and select Network defined by the interface IP and Net Mask.

  22. In the General tab:

    Field         Enter

    Name          Name for the topology.
    IP Address    Public IP address of the Harmony SASE gateway.
    Net Mask      255.255.255.255

  23. In the Topology tab, select External (leads to the local Internet).

  24. Click OK.

  25. Publish and install the policy.
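
A pre-flight check for the settings in steps 12 to 17, given here as an added example and not a Check Point tool: it compares the values entered on the firewall with the values entered in the Harmony SASE Administrator Portal and reports every drift before the policy is installed. The dictionary keys, the function names and the sample values are assumptions made for this example.

```python
import ipaddress

# Values from steps 12-13 of the procedure above.
REQUIRED = {
    "ike_version": "IKEv2",
    "p1_encryption": "AES-256", "p1_integrity": "SHA256", "p1_dh_group": 14,
    "p2_encryption": "AES-256", "p2_integrity": "SHA256",
    "pfs": True, "pfs_dh_group": 14,
}
MIN_SECRET_LEN = 20  # recommended minimum shared secret length (step 12 note)


def _nets(cidrs):
    # strict=True rejects entries such as 192.168.10.5/24 (host bits set)
    return {ipaddress.ip_network(c, strict=True) for c in cidrs}


def preflight(firewall, portal):
    """Compare both sides of the tunnel; return a list of findings."""
    findings = []
    for side_name, side in (("firewall", firewall), ("portal", portal)):
        for key, want in REQUIRED.items():
            if side.get(key) != want:
                findings.append(f"{side_name}: {key}={side.get(key)!r}, expected {want!r}")
    if firewall["shared_secret"] != portal["shared_secret"]:
        findings.append("shared secret differs between firewall and portal")
    if len(firewall["shared_secret"]) < MIN_SECRET_LEN:
        findings.append(f"shared secret shorter than {MIN_SECRET_LEN} characters")
    # The firewall's trusted network group must equal the portal's remote subnets.
    fw_nets = _nets(firewall["local_networks"])
    portal_nets = _nets(portal["remote_subnets"])
    for net in sorted(fw_nets ^ portal_nets, key=str):
        where = "firewall only" if net in fw_nets else "portal only"
        findings.append(f"subnet {net} defined on {where}")
    return findings


# Constructed sample input (not real values): the portal side has two drifts.
FIREWALL = dict(REQUIRED, shared_secret="constructed-example-secret-0001",
                local_networks=["192.168.10.0/24", "192.168.20.0/24"])
PORTAL = dict(REQUIRED, p1_dh_group=2, shared_secret="constructed-example-secret-0001",
              remote_subnets=["192.168.10.0/24"])

if __name__ == "__main__":
    for finding in preflight(FIREWALL, PORTAL):
        print("MISMATCH:", finding)
```

The function never prints the shared secret itself, so its output can be pasted into a change ticket.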