Special Considerations for VPN Routing

The VPN routing option To center and to other satellites through center is not supported by SmartLSM Security Gateways.

To configure VPN routing to SmartLSM Security Gateways through the center, enable VPN Routing for a hub and spoke configuration, by editing the vpn_route.conf file on the Security Management ServerClosed Dedicated Check Point server that runs Check Point software to manage the objects and policies in a Check Point environment within a single management Domain. Synonym: Single-Domain Security Management Server..

  1. Generate a group that contains the encryption domains of all the satellite SmartLSM Security Gateways, and call it SmartLSM_domain.

  2. Generate a group that contains all the central gateways, and call it Center_gws.

  3. In vpn_route.conf , add the ruleClosed Set of traffic parameters and other conditions in a Rule Base (Security Policy) that cause specified actions to be taken for a communication session.:

    Destination

    Router

    Install On

    SmartLSM_domain

    Center_gws

    SmartLSM_profile

You can have a Star VPN topology for multiple routing gateways, if the gateways are listed under install on in the vpn_route.conf

For more information, see Route Based VPN in the R81 Site to Site VPN Administration Guide.