SonicWALL Check Point Firewall-1 VPN Interoperability



Similar documents
Chapter 4 Virtual Private Networking

Configuring TheGreenBow VPN Client with a TP-LINK VPN Router

Configuring an IPSec Tunnel between a Firebox & a Check Point FireWall-1

How To Set Up Checkpoint Vpn For A Home Office Worker

VPN Wizard Default Settings and General Information

Global VPN Client Getting Started Guide

Establishing a VPN tunnel to CNet CWR-854 VPN router using WinXP IPSec client

Configuring Windows 2000/XP IPsec for Site-to-Site VPN

Global VPN Client Getting Started Guide

ISG50 Application Note Version 1.0 June, 2011

Configuring IPSec VPN Tunnel between NetScreen Remote Client and RN300

Configuring a Check Point FireWall-1 to SOHO IPSec Tunnel

OvisLink 8000VPN VPN Guide WL/IP-8000VPN. Version 0.6

Fireware How To VPN. Introduction. Is there anything I need to know before I start? Configuring a BOVPN Gateway

Configure IPSec VPN Tunnels With the Wizard

Configure an IPSec Tunnel between a Firebox Vclass & a Check Point FireWall-1

Route Based Virtual Private Network

TechNote. Configuring SonicOS for Amazon VPC

How To Set Up A Vpn Tunnel Between Winxp And Zwall On A Pc 2 And Winxp On A Windows Xp 2 On A Microsoft Gbk2 (Windows) On A Macbook 2 (Windows 2) On An Ip

Enterprise Security Management CheckPoint SecuRemote VPN v4.0 for pcanywhere

VPN Consortium Scenario 1: Gateway-to-Gateway with Preshared Secrets

Configuration Guide. How to set up the IPSec site-to-site Tunnel between the D-Link DSR Router and the Cisco Firewall. Overview

Global VPN Client Getting Started Guide

Windows XP VPN Client Example

Chapter 8 Virtual Private Networking

Chapter 6 Basic Virtual Private Networking

Use Shrew Soft VPN Client to connect with IPSec VPN Server on RV130 and RV130W

IP Office Technical Tip

Create a VPN on your ipad, iphone or ipod Touch and SonicWALL NSA UTM firewall - Part 1: SonicWALL NSA Appliance

Chapter 9 Monitoring System Performance

DI-804HV with Windows 2000/XP IPsec VPN Client Configuration Guide

Internet. SonicWALL IP SEV IP IP IP Network Mask

Configuring IPsec VPN with a FortiGate and a Cisco ASA

Basic ViPNet VPN Deployment Schemes. Supplement to ViPNet Documentation

OfficeConnect Internet Firewall VPN Upgrade User Guide

How to access peers with different VPN through IPSec. Tunnel

HOWTO: How to configure IPSEC gateway (office) to gateway

DFL-210/260, DFL-800/860, DFL-1600/2500 How to setup IPSec VPN connection

Appendix A: Configuring Firewalls for a VPN Server Running Windows Server 2003

SSL-VPN 200 Getting Started Guide

How To Configure A Kiwi Ip Address On A Gbk (Networking) To Be A Static Ip Address (Network) On A Ip Address From A Ipad (Netware) On An Ipad Or Ipad 2 (

Using SonicWALL NetExtender to Access FTP Servers

Workflow Guide. Establish Site-to-Site VPN Connection using Digital Certificates. For Customers with Sophos Firewall Document Date: November 2015

VPN L2TP Application. Installation Guide

Brazosport College VPN Connection Installation and Setup Instructions. Draft 2 March 24, 2005

Configuring SSH Sentinel VPN client and D-Link DFL-500 Firewall

How To Industrial Networking

Chapter 6 Configuring the SSL VPN Tunnel Client and Port Forwarding

Supporting Multiple Firewalled Subnets on SonicOS Enhanced

Virtual Private Network VPN IPSec Testing: Functionality Interoperability and Performance

Configuring an IPsec VPN to provide ios devices with secure, remote access to the network

Lab 4.4.8a Configure a Cisco GRE over IPSec Tunnel using SDM

Chapter 6 Virtual Private Networking Using SSL Connections

Configuration Guide. How to set up the IPSec site-to-site Tunnel between the D-Link DSR Router and the Sonicwall Firewall.

TechNote. Configuring SonicOS for MS Windows Azure

Chapter 3 LAN Configuration

VPN Consortium Scenario 1: Gateway-to-Gateway with Preshared Secrets

Chapter 5 Virtual Private Networking Using IPsec

Configuring Check Point VPN-1/FireWall-1 and SecuRemote Client with Avaya IP Softphone via NAT - Issue 1.0

How To Configure An Ipsec Tunnel On A Network With A Network Gateways (Dfl-800) On A Pnet 2.5V2.5 (Dlf-600) On An Ipse Vpn

For paid computer support call

ZyWALL 5. Internet Security Appliance. Quick Start Guide Version 3.62 (XD.0) May 2004

7. Configuring IPSec VPNs

UTM - VPN: Configuring a Site to Site VPN Policy using Main Mode (Static IP address on both sites) i...

Getting Started Guide

LinkProof And VPN Load Balancing

Firewall Defaults and Some Basic Rules

Cisco QuickVPN Installation Tips for Windows Operating Systems

What information will you find in this document?

Application Notes for Configuring a SonicWALL VPN with an Avaya IP Telephony Infrastructure - Issue 1.0

Astaro Security Gateway V8. Remote Access via L2TP over IPSec Configuring ASG and Client

Time Warner Cable Business Class IP VPN & Managed IP VPN User Guide

IPSec Pass through via Gateway to Gateway VPN Connection

Check Point FW-1/VPN-1 NG/FP3

Gateway to Gateway VPN Connection

SonicOS Enhanced 3.2 IKE Version 2 Support

For more information refer: UTM - FAQ: What are the basics of SSLVPN setup on Gen5 UTM appliances running SonicOS Enhanced 5.2?

How To Install Sedar On A Workstation

GNAT Box VPN and VPN Client

Configuration Professional: Site to Site IPsec VPN Between Two IOS Routers Configuration Example

How To Establish IPSec VPN connection between Cyberoam and Mikrotik router

This chapter describes how to set up and manage VPN service in Mac OS X Server.

VPN Configuration Guide. Cisco ASA 5500 Series

Chapter 8 Lab B: Configuring a Remote Access VPN Server and Client

Configuring IPsec VPN between a FortiGate and Microsoft Azure

Configuring Global Protect SSL VPN with a user-defined port

VPN Configuration Guide. Cisco Small Business (Linksys) WRV210

Citrix Access on SonicWALL SSL VPN

Configure VPN between ProSafe VPN Client Software and FVG318

VPN. VPN For BIPAC 741/743GE

V310 Support Note Version 1.0 November, 2011

Using IPsec VPN to provide communication between offices

Astaro Security Gateway V8. Remote Access via SSL Configuring ASG and Client

Using Rsync for NAS-to-NAS Backups

SSL SSL VPN

Scenario: Remote-Access VPN Configuration

Method 1: SecuRemote Client VPN Software

Cisco SA 500 Series Security Appliance

Configuring a Lan-to-Lan VPN with Overlapping Subnets with Juniper NetScreen/ISG/SSG Products

Microsoft Azure Configuration

Transcription:

SonicWALL Check Point Firewall-1 VPN Interoperability A Tech Note prepared by SonicWALL, Inc. SonicWALL, Inc. 1160 Bordeaux Drive Sunnyvale, CA 94089-1209 1-888-557-6642 http://www.sonicwall.com

Introduction The most common prescription against unwanted Internet access has been fortification of the enterprise network s main entrance against hackers. High-end solutions, such as Check Point Software s Firewall-1, are now firmly and properly established at the main entrances to the enterprise network. But that is not enough. Although the front door may be fortified and monitored, other entrances that may not be as well protected against attacks. Remote offices may not be protected at all, placing their own data and application availability at risk, and perhaps also providing an unguarded back door into the fortified headquarters network. The technology used to protect alternative portals into an enterprise network and remote networks from external attack, and to isolate internal segments of a large network from internal threats, are the same as those which protect the main entrance: firewalls at portals, and Virtual Private Networks (VPNs) between the enterprise network and remote offices or telecommuters. A VPN provides a secure, encrypted path over the Internet, and the use of VPN should be required for accessing any non-public information over the Internet. Enterprise Firewall (e.g. Check Point's FW-1) Secure Connection THE INTERNET CORPORATE HEADQUARTERS SonicWALL with VPN BRANCH OFFICES As VPN standards are still evolving, different vendors implementations are not always fully interoperable. Yet a good remote office firewall should be adaptable to support all of the leading enterprise VPN products. One of SonicWALL VPN's strengths is its ability to interoperate with VPN solutions offered by different vendors. One of these products is Check Point Firewall-1. This tech note details the steps to configure Firewall-1 to support SonicWALL VPN. SonicWALL -- Check Point Firewall-1 VPN Interoperability Tech Note - Page 1

Configuring Check Point Firewall-1 Note: This paper assumes a familiarity with the Check Point Firewall-1 Management tools. The following steps also assume that the Firewall-1 is installed and properly configured. Launch and log into the Firewall-1 Security Policy application. 1) Check the existing Firewall object to make sure the Encryption Domain includes all objects for any encryption methods in use. Click the Encryption tab and make sure the Manual IPSEC encryption algorithm is selected. If SecuRemote is used, FWZ must also be selected. 2) Create the Remote Object(s) - These are the resources, behind the remote SonicWALL such as Workstation, Network, or Group objects. We will use a Network in the following example: From the Manage menu select Network Objects. Click the New button and select Network. Give the Network Object a unique name, such as "SonicWALL-Network". Give the Network Object an IP Address Range ("10.1.1.0"). Give the Network Object a Subnet Mask ("255.255.255.0"). Give the Network Object a Comment (optional). Page 2 - SonicWALL -- Check Point Firewall-1 VPN Interoperability Tech Note

Select External for the Location option. Click the OK button when finished. 3) For easier management, create a Group and place all objects that are protected by the remote SonicWALL in that group. Press the New button and select the Group option. Give the Group object a unique name, such as "Encrypt-SonicWALL". Give the Group object a Comment (optional). Select the objects that are behind the remote SonicWALL and Add them to the group. Click the OK button when finished. SonicWALL -- Check Point Firewall-1 VPN Interoperability Tech Note - Page 3

4) Now create the remote SonicWALL firewall object. Press the New button and select the Workstation option. Give the workstation object a unique name, such as "SonicWALL-Remote". Give the Workstation object the external IP address of the remote SonicWALL ("111.111.111.111"). Give the Workstation object a comment (optional). Select External for the Location. Select Gateway for the Type. Leave the Firewall-1 Installed box unchecked. Click the Encryption tab. Select the Other radio button and select the Group or Network for which the SonicWALL will be encrypting traffic. Select the encryption method Manual IPSEC. Click the OK button when finished. Page 4 - SonicWALL -- Check Point Firewall-1 VPN Interoperability Tech Note

5) Next, create the SPI key(s) needed to synchronize encryption algorithms. From the Manage menu select the Keys option. Click the New button and select SPI. Give the SPI Value a unique hexadecimal value. Give the SPI Key a comment (optional). Check the ESP box and select DES as Encryption Algorithm. Make sure that the AH box is unchecked (ignore any warning). Authentication Algorithm field should be greyed out. Enter an Encryption Key (Note: must be 16 hexadecimal characters). Authentication Key field should be greyed out. SonicWALL -- Check Point Firewall-1 VPN Interoperability Tech Note - Page 5

The Encryption Key and SPI Key number must match the settings on the remote SonicWALL for the VPN to work. 6) Next, create a rule to allow the Check Point Firewall to exchange IPSEC packets with the remote SonicWALL. From the Edit menu, select Add Rule. This rule should be added below any Client VPN rules (for SecuRemote to work properly) and above the normal resource access rules. The rule should contain both firewall objects (Check Point Firewall-1 and SonicWALL), the Service group should be IPSEC, and it should be Accepted. Logging is optional and should be used to debug any problems. Page 6 - SonicWALL -- Check Point Firewall-1 VPN Interoperability Tech Note

7) Add a rule to allow the two networks/groups to send encrypted data to each other. This rule should follow immediately after the firewall IPSEC packet exchange rule. The rule should contain both the local network/ group with the remote network/group. If desired, services that are allowed to traverse the VPN tunnel may be restricted. The action for this rule should be Encrypt. Right click the Encrypt action and select Edit Properties. Select the Manual IPSEC and the Logging radio buttons. Click the Edit button. Select the SPI Key for this VPN tunnel. Click the OK button when finished with the IPSEC properties and click the OK button when finished with the Encryption Properties. SonicWALL -- Check Point Firewall-1 VPN Interoperability Tech Note - Page 7

8) From the Policy menu, select Install to activate the security policy. The VPN tunnel will function once the remote SonicWALL has been configured with a corresponding Security Association. Configuring the SonicWALL Internet Security Appliance 1) Please refer to the SonicWALL manual for instructions on configuring SonicWALL VPN settings. 2) Go to the VPN>Configure screen in the SonicWALL management interface. Create a SonicWALL Security Association, using manual key encryption, and name it "Check Point" (any name will work). 3) Do not use the 'allow remote clients' checkbox. Enter a valid destination address range (referring to the LAN behind Check Point). Specify the Check Point's external address as the IPSec Gateway address. 4) Select the Encryption Method "Encrypt for Checkpoint (ESP DES rfc1829)". 5) Make sure the Encryption Key and the SPIs match the values specified in the Check Point screens (The SonicWALL doesn't need the '0x' prefixes to denote hexadecimal fields like the Check Point does). There is no need for an authentication key. 6) Update the screen and restart SonicWALL to activate the VPN configuration. Acknowledgment SonicWALL would like to thank Ignyte Technologies, Inc. for their help in the creation of this tech note. Ignyte is a network systems integration company committed to helping clients identify, plan, and implement business solutions based on information systems. Please visit Ignyte's Web site at <http://www.ignyte.com>. Page 8 - SonicWALL -- Check Point Firewall-1 VPN Interoperability Tech Note

2026 © DocPlayer.net Privacy Policy | Terms of Service | Feedback  | Do Not Sell My Personal Information