Configuring VPNs on SmartLSM Security Gateways

Open the SmartLSM Security Gateway Dedicated Check Point server that runs Check Point software to inspect traffic and enforce Security Policies for connected network resources. window and select the Topology tab.

Define a VPN domain (see Configuring Topology for SmartLSM Security Gateways).

Select the VPN tab.

If, when you created this SmartLSM Security Gateway in the gateway creation wizard, you cleared the I wish to create a VPN Certificate from the Internal CA option, you can select VPN Not supported. No IKE certificate is generated. You can change this setting at any time.

For this SmartLSM Security Gateway to participate in a VPN, continue with the next steps.

Select Use Certificate Authority Certificate.

If you selected I wish to create a VPN Certificate from the Internal CA in the wizard, this option is automatically selected and cannot be edited.

From the Certificate Authority Name drop-down list, select a CA server object that was previously defined in SmartConsole Check Point GUI application used to manage a Check Point environment - configure Security Policies, configure devices, monitor products and events, install updates, and so on..

• If you cleared I wish to create a VPN Certificate from the Internal CA in the wizard, you can select a third-party CA from this list.

• If you selected I wish to create a VPN Certificate from the Internal CA in the wizard, the Check Point Internal CA is selected and cannot be edited.

If you select a third-party CA in Certificate Authority Name, enter a Key Identifier or Authorization Code, as instructed by the CA.

If this SmartLSM Security Gateway does not yet have an initiated IKE certificate, click Generate.

To generate a new IKE certificate, click Reset.

The SmartLSM Security Gateway's Distinguished Name (DN) of the certificate is automatically provided and cannot be edited.

To apply a new IKE certificate, update the CO gateway (see Updating Corporate Office Security Gateways).