VPN Communities - VPN Routing

What can I do here?

Use this window to configure VPN routing for satellites.

Getting Here - SmartConsole > Security Policies > Access Control > Policy > Access Tools > VPN Communities > New Star Community > VPN Routing

Understanding VPN Routing

VPN Star Communities

A Star Community is a VPN Community (a named collection of VPN domains, each protected by a VPN gateway) composed of two types of members, Central and Satellite, where:

  • Each central gateway can establish a VPN tunnel with each satellite gateway

  • Satellite gateways cannot establish VPN tunnels with each other

  • Central gateways cannot establish VPN tunnels with each other by default, but this is configurable on the Central Gateways page

VPN Routing

VPN routing is a way of directing communication through a specific VPN tunnel in order to enhance existing connectivity or security. In addition, VPN routing can be used to reduce connectivity costs. A star VPN Community supports VPN routing in the following way: the HUB (the machine through which the VPN communication is redirected) is defined as a central gateway, and the SPOKES (the endpoint machines that receive or initiate the VPN connection) are defined as Satellites. A VPN tunnel is created between the central gateway and the satellite gateways. Packets sent by the SPOKES are routed through the HUB.

VPN Routing Options

  • To center only. No VPN routing actually occurs. Only connections between the satellite gateways and the central gateway go through the VPN tunnel. Other connections are routed in the normal way.

  • To center and to other satellites through center. Use VPN routing for connections between satellites. Every packet passing from a satellite gateway to another satellite gateway is routed through the central gateway. Connections between satellite gateways and gateways that do not belong to the community are routed in the normal way.

  • To center, or through the center to other satellites, to internet and other VPN targets. Use VPN routing for every connection a satellite gateway handles. Packets sent by a satellite gateway pass through the VPN tunnel to the central gateway before being routed to the destination address.

In a star community, RDP packets are sent to the gateways and the first to respond is used for routing only when:

  1. There is more than one center gateway, and

  2. One of the following VPN routing options was selected:

    • To center and to other satellites through center

    • To center, or through the center to other satellites, to internet and other VPN targets
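The three routing options and the RDP condition above can be checked against a planned topology with a small model. This is an added example, not Check Point code: the gateway names, networks, constants and function names are all constructed for illustration, and it helps confirm which satellite flows would bypass the central gateway under each option.

```python
import ipaddress

# Routing options named on this page; the short constants are hypothetical labels.
TO_CENTER_ONLY = "to center only"
VIA_CENTER_TO_SATELLITES = "to center and to other satellites through center"
VIA_CENTER_TO_ALL = "to center, other satellites, internet and other VPN targets"
OPTIONS = (TO_CENTER_ONLY, VIA_CENTER_TO_SATELLITES, VIA_CENTER_TO_ALL)

# Constructed star community: gateway name -> VPN domain networks (sample data).
CENTERS = {"hub-1": ["10.0.0.0/16"], "hub-2": ["10.1.0.0/16"]}
SATELLITES = {"branch-a": ["192.168.10.0/24"], "branch-b": ["192.168.20.0/24"]}


def owner(ip, members):
    """Return the gateway whose VPN domain contains ip, or None."""
    addr = ipaddress.ip_address(ip)
    for name, nets in members.items():
        if any(addr in ipaddress.ip_network(net) for net in nets):
            return name
    return None


def route_from_satellite(src_sat, dst_ip, option):
    """Describe how a packet leaving src_sat's VPN domain is handled."""
    if option not in OPTIONS:
        raise ValueError(f"unknown VPN routing option: {option!r}")
    center = owner(dst_ip, CENTERS)
    if center:
        return f"tunnel to {center}"  # satellite-to-center is tunneled under every option
    satellite = owner(dst_ip, SATELLITES)
    if satellite == src_sat:
        return "local"  # assumption: traffic inside one domain never reaches the VPN
    if satellite:
        if option == TO_CENTER_ONLY:
            return "normal routing"  # satellites never tunnel to each other directly
        return f"tunnel to center, then on to {satellite}"
    # Destination is outside the community (internet or another VPN target).
    if option == VIA_CENTER_TO_ALL:
        return "tunnel to center, then on to destination"
    return "normal routing"


def rdp_probing_used(option, centers):
    """Both conditions from the page: more than one center and a through-center option."""
    return len(centers) > 1 and option in (VIA_CENTER_TO_SATELLITES, VIA_CENTER_TO_ALL)
```

Flows that come back as "normal routing" are the ones that do not pass through the central gateway under the selected option.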