After you create a site at Check Point's Infinity Portal, complete step two instructions on how to configure Check Point as the Non-VeloCloud Site on the VeloCloud Orchestrator.
After you create a site at Check Point's Infinity Portal, complete the steps below:
- From the VeloCloud Orchestrator, go to Configure > Network Services
- In the Non-VeloCloud Sites area, click the New button.
The New Non-VeloCloud Sitedialog box appears.
- Complete the following sub steps in the New Non-VeloCloud Sitedialog box:
- Enter the Name of your site.
- Select Check Point from the Type drop-down menu.
- Type in the Primary VPN Gateway (and the Secondary VPN Gateway if necessary).
- Click Next.
A dialog box for your Non-VeloCloud Site appears. (image below).Note: To configure tunnel settings to the Non-VeloCloud site’s Primary VPN Gateway, click the Advanced button located at the bottom of the dialog box. Any changes made to Encryption, DH Group, or PFS will also be applied to the redundant tunnel configuration. After saving your changes, update the site's primary VPN Gateway device. Click on the "View IKE/IPSec Template" button for details.
- In the Primary VPN Gateway area, of the dialog box of your Non-VeloCloud Site (image above):
- PSK text box: Enter the Pre-Shared Key that was configured on the Check Point infinity portal. Do not configure redundant IPsec tunnels (keep the checkbox for Redundant VeloCloud Cloud VPN unchecked).
- Encryption drop-down menu: The Encryption should be set to the same algorithm that was configured on the checkpoint infinity portal.
- DH Group: The DH group should be set to the same value that was configured on the checkpoint infinity portal.
- For the purposes of this specific Check Point configuration, choose disabled from PFS drop-down menu.
- To add a Secondary VPN Gateway click the Add button. Clicking the Save Changes button will immediately create the Secondary VPN Gateway for this site and provision a VeloCloud VPN tunnel to this Gateway.
- As mentioned in Step 4a above, leave the Redundant VeloCloud Cloud VPN checkbox unchecked.
- For the purposes of the Check Point configuration, choose Default from the Local Auth Id drop-down menu.
- For the purposes of the Check Point configuration, check the Disable Site Subnets checkbox.
- Click Save Changes.
- Check the Enable Tunnel(s) checkbox once you are ready to initiate the tunnel from the VeloCloud Gateway to the Check Point CloudGuard VPN gateways.