Global VPN Communities

Large enterprises often have branches in different cities or countries. When each branch is managed by a different Domain, the enterprise can use a central management system to manage all of the Domains. When connectivity is established, the connections must be secure and have high levels of privacy, authentication, and integrity.

A Global VPN Community connects the enterprise's Security Gateways through VPN and lets the enterprise manage them under one network. You define the Global VPN Community in the Global Domain. The Multi-Domain Server utilizes its knowledge about the different Domain Management Server environments to create a VPN community which can manage them.

Item    Description
A       Domain A on Multi-Domain Server
B       Domain B on Multi-Domain Server
C       Global VPN Community
1       VPN tunnel
2       Security Gateway configured in Domain A
3       Security Gateway configured in Domain B
4       VPN Domain of Security Gateway 2
5       VPN Domain of Security Gateway 3

To learn more about VPN communities, see the R81 Site to Site VPN Administration Guide.

VPN Connectivity

When you establish a Global VPN Community, it replaces part of the configuration of Externally Managed Security Gateways and automates the exchange of certificates for each Domain Management Server.

These trusted entities create VPN trust in a Multi-Domain Security Management deployment:

The ICA of the Domain Management Server issues certificates used by Domain Security Gateways to create SIC (Secure Internal Communication) trust. Each Security Gateway supports certificates issued by the CAs of the other Domains.

For more information on VPN with Externally Managed Gateways, see the R81 Site to Site VPN Administration Guide.