SonicWALL TZ170 User Manual
SonicOS
Hub and Spoke TZ170 VPNs with Checkpoint NG
Introduction
This technote will detail all steps to get a Hub and Spoke setup between the SonicWALL SonicOS Enhanced and the
Checkpoint NG. Within this setup the Checkpoint NG will be the HUB and 2 TZ170 units will be the Spokes.
Checkpoint NG. Within this setup the Checkpoint NG will be the HUB and 2 TZ170 units will be the Spokes.
Versions Used
SonicOS 2.5.0.2 Enhanced on both TZ170 units
Checkpoint FW-1 NGAI
Checkpoint FW-1 NGAI
Sample Diagram
Tasklist
On the SonicWALL units:
Create new network objects and groups
Create new VPN Policy for the Check Point FW-1 NG
Specify Destination Network(s), IKE Phase 1 and Phase 2 properties
Create new VPN Policy for the Check Point FW-1 NG
Specify Destination Network(s), IKE Phase 1 and Phase 2 properties
On FireWall-1 NG:
Create local(Check Point) LAN network objects and group
Create remote(SonicWALL's) LAN network objects
Create new Interoperable Device objects
Edit the Check Point Gateway object
Verify the Topology
Manually define VPN Domain
Create new VPN Star Community
Edit VPN Star community properties
Verify Security Rules
Verify Address Translation Rules
Create remote(SonicWALL's) LAN network objects
Create new Interoperable Device objects
Edit the Check Point Gateway object
Verify the Topology
Manually define VPN Domain
Create new VPN Star Community
Edit VPN Star community properties
Verify Security Rules
Verify Address Translation Rules
Testing
Verify that traffic flows through the tunnel.
Verify that applications function properly through the tunnel.
Verify that the tunnel can reestablish if either side is disconnected.
Verify that the network map and documentation match the running configuration.
Verify that applications function properly through the tunnel.
Verify that the tunnel can reestablish if either side is disconnected.
Verify that the network map and documentation match the running configuration.