Creating a VPN Community for SmartLSM Security Gateways
This section explains how to create the VPN itself in SmartConsole. Before doing so, you must first configure, in SmartProvisioning, the SmartLSM Security Gateways to support VPN participation.

- Open SmartConsole.
- Define a VPN Star Community: Security Policies > Access Control > Policy > Access Tools > VPN Communities > New > Star Community.
- In Gateways > Center Gateways, click Add, and select the applicable Security Gateway / Cluster objects.
  Important - This field does not support:
  - Maestro Security Groups.
  - Quantum Spark appliances that run Gaia Embedded OS.

  Select Mesh center gateways if it is necessary for the central Security Gateways to communicate.
- In Gateways > Satellite Gateways, click Add, select the SmartLSM Security Profile from the displayed list.
  When you select the profile, all SmartLSM Security Gateways assigned to this SmartLSM Security Profile are added to the VPN community. The gateways must be configured with the ability to participate in a VPN community (see Configuring VPNs on SmartLSM Security Gateways).
- In the Advanced tab, specify the IKE (Phase 1) properties.
- In the Shared Secret tab, clear Use only Shared secret for all External Members.
- Click OK.
- In Access Control > Policy, create a Rule Base which defines the services allowed for the VPN community. See Sample VPN Rules for a SmartLSM Security Gateways.
- Install the Security Policy with this rule on the CO gateway.
  A topology file and a certificate are downloaded to the SmartLSM Security Gateway, listing the members of the VPN community and specifying encryption information.
- Update the CO gateway. See Updating Corporate Office Security Gateways.
- Establish the VPN tunnel. Send a test connection with an allowed service (according to the rules created in the Security Policy Rule Base) and use SmartView Monitor to make sure that the test was successfully encrypted, sent, and received. To access SmartView Monitor, go to the Logs & Monitor view > External Apps > Tunnel & User Monitoring.