Check Point and Firebox BOVPN Integration Guide (2024)

Deployment Overview

WatchGuard provides integration instructions to help our customers configure WatchGuard products to work with products created by other organizations. If you need more information or technical support about how to configure a third-party product, see the documentation and support resources for that product.

This integration guide describes how to configure a Branch Office VPN (BOVPN) between a WatchGuard Firebox and a Check Point device.

Integration Summary

The hardware and software used in this guide include:

  • WatchGuard Firebox with Fireware v12.6.4
  • Check Point 770 with vR77.20.87(990173072)

Test Topology

This diagram shows the topology for a BOVPN connection between a Firebox and a Check Point device.

Configure the Firebox

On the Firebox, configure a Branch Office VPN (BOVPN) connection:

  1. Log in to Fireware Web UI.
  2. Select VPN > Branch Office VPN.
    The Branch Office VPN configuration page appears.
  3. In the Gateways section, click Add.
    The Gateway Endpoint Settings dialog box appears.
  4. In the Gateway Name text box, type a name to identify this Branch Office VPN gateway.
  5. From the Address Family drop-down list, select IPv4 Addresses.
  6. In the Credential Method section, select Use Pre-Shared Key.
  7. In the adjacent text box, type the pre-shared key.

  8. In the Gateway Endpoint section, click Add.
    The Gateway Endpoint Settings dialog box appears.
  9. From the External Interface drop-down list, select External.
  10. From the Interface IP Address drop-down list, select Primary Interface IP Address.
    The Primary Interface IP Address is the primary IP address you configured on the selected external interface.
  11. Select By IP Address.
  12. In the adjacent text box, type the primary IP address of the External Firebox interface.
  13. Select the Remote Gateway tab.
  14. Select Static IP Address.
  15. In the adjacent text box, type the public IP address of your Check Point connection.
  16. Select By IP Address.
  17. In the adjacent text box, type the public IP address of your Check Point connection.
  18. Click OK.
  19. In the Gateway Endpoint section, select the Start Phase 1 tunnel when Firebox starts check box.
  20. Select the Phase 1 Settings tab.
  21. From the Version drop-down list, select IKEv2.
  22. For all other Phase 1 settings, keep the default values.
  23. Click Save.
  24. In the Tunnels section, click Add.
    The Branch Office VPN Tunnel configuration interface appears.
  25. From the Gateway drop-down list, select the gateway that you added.
  26. In the Addresses section, click Add.
  27. In the Local IP section, from the Choose Type drop-down list, select Network IPv4.
  28. In the Network IP text box, type the local IP segment. This is the local network protected by the Firebox.
  29. In the Remote IP section, from the Choose Type drop-down list, select Network IPv4.
  30. In the Network IP text box, type the remote IP segment. This is the local network protected by the Check Point device.
  31. Click OK.
  32. Keep the default values for all of the Phase 2 Settings.
  33. Click Save.

For more information about Branch Office VPN configuration on the Firebox, see Configure Manual BOVPN Gateways and Configure Manual BOVPN Tunnels.

Configure the Check Point Device

To configure the Check Point device, you must specify several settings.

  1. Log in to the Check Point 770 Web UI. The default IP address and port is https://192.168.1.1:4434.
  2. From the navigation menu, select Users & Objects > Network Resources > Network Objects.
  3. Click New.
  4. From the Type drop-down list, select Network.
  5. In the Network address text box, type the Network IP address, which is the internal network IP address protected by the WatchGuard Firebox.
  6. In the Subnet mask text box, type the subnet mask.
  7. In the Object name text box, type the object name.

  8. Click Apply.
  9. Repeat Steps 3–8 to create another network object, which is the internal network IP address protected by the Check Point device.

Next, configure the VPN Site:

  1. From the navigation menu, select VPN > Site to Site > VPN Sites.
  2. Click New to add a new VPN site.
    The New VPN Site window appears.
  3. On the Remote Site tab, in the Site name text box, type the site name.
  4. From the Connection type drop-down list, select Host name or IP address.
  5. Select IP address and type the public IP address of the remote device in the text box.
  6. In the Authentication section, select Pre-shared secret.
  7. In the Password and Confirm text boxes, type the password.

  8. From the Encryption domain drop-down list, select Define remote network topology manually.
  9. Click Select and select the WGINT object that you created.
  10. Click Apply.
  11. Select the Encryption tab.
  12. From the Encryption settings drop-down list, select Custom.
  13. In the IKE (Phase 1) section, from the Encryption drop-down list, select AES-256.
  14. From the Authentication drop-down list, select SHA256.
  15. From the Diffie-Hellman group support drop-down list, select Group 14 (2048 bit).
  16. In the IPSec (Phase 2) section, from the Encryption drop-down list, select AES-256.
  17. From the Authentication drop-down list, select SHA256.
  18. Select the Enable Perfect Forward Secrecy check box.
  19. From the Diffie-Hellman group support drop-down list, select Group 14 (2048 bit).
  20. Keep the default settings for all other options.
  21. Select the Advanced tab.
  22. Clear the Remote gateway is a Check Point Security Gateway check box.
  23. Select the Allow traffic to the internet from remote site through this gateway check box.
  24. From the Encryption method drop-down list, select IKEv2.
  25. For all other settings, keep the default values.
  26. Click Apply.

Next, configure the Access Policy:

  1. From the navigation menu, select Access Policy > Firewall > Policy.
  2. In the Incoming, Internal and VPN traffic section, click New.
  3. For the Source, select the CPINT object that you created.
  4. For the Destination, select the WGINT object that you created.
  5. Keep the default settings for all other options.

  6. Click Apply.
  7. Repeat Steps 2-6 to create another policy.

For more information about Check Point VPN configuration and supported IKE ciphers, see Check Point 700/900 Appliances R77.20.87 Administration Guide.
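
The two procedures above only produce a working tunnel if both peers end up with the same IKEv2 proposals, point at each other's public address, and have mirrored tunnel routes. The following pre-test check is an added example, not WatchGuard or Check Point code; the dictionary keys, the addresses and the Firebox proposal values are constructed assumptions to be replaced with what each device's UI shows.

```python
import ipaddress

# Settings both IKEv2 peers must agree on. Key names are hypothetical labels
# for this example, not configuration keys of either product.
MUST_MATCH = ("ike_version", "p1_enc", "p1_auth", "p1_dh",
              "p2_enc", "p2_auth", "pfs", "p2_dh")

def audit(firebox, checkpoint):
    """Return a list of mismatches that would stop the BOVPN from establishing."""
    problems = [f"{k}: Firebox={firebox[k]!r}, Check Point={checkpoint[k]!r}"
                for k in MUST_MATCH if firebox[k] != checkpoint[k]]
    # Each peer's remote gateway must be the other peer's public address.
    if firebox["remote_gw"] != checkpoint["public_ip"]:
        problems.append("Firebox remote gateway is not the Check Point public IP")
    if checkpoint["remote_gw"] != firebox["public_ip"]:
        problems.append("Check Point remote site is not the Firebox external IP")
    # Tunnel routes must mirror: one side's local network is the other's remote.
    net = ipaddress.ip_network  # raises ValueError if host bits are set
    fb_local, fb_remote = net(firebox["local_net"]), net(firebox["remote_net"])
    cp_local, cp_remote = net(checkpoint["local_net"]), net(checkpoint["remote_net"])
    if fb_local != cp_remote:
        problems.append(f"Firebox local {fb_local} != Check Point remote {cp_remote}")
    if fb_remote != cp_local:
        problems.append(f"Firebox remote {fb_remote} != Check Point local {cp_local}")
    if fb_local.overlaps(cp_local):
        problems.append("protected networks overlap, so traffic cannot be routed")
    return problems

# Constructed sample values. The Firebox proposals are assumed to match the
# Check Point side; the guide only says the Firebox defaults are kept.
PROPOSAL = dict(ike_version="IKEv2", p1_enc="AES-256", p1_auth="SHA256", p1_dh=14,
                p2_enc="AES-256", p2_auth="SHA256", pfs=True, p2_dh=14)
FIREBOX = dict(PROPOSAL, public_ip="203.0.113.10", remote_gw="198.51.100.20",
               local_net="10.0.1.0/24", remote_net="192.168.1.0/24")
CHECKPOINT = dict(PROPOSAL, public_ip="198.51.100.20", remote_gw="203.0.113.10",
                  local_net="192.168.1.0/24", remote_net="10.0.1.0/24")

if __name__ == "__main__":
    # A Check Point site left on IKEv1 with a too-narrow WGINT object.
    broken = dict(CHECKPOINT, ike_version="IKEv1", remote_net="10.0.1.0/25")
    for side, cfg in (("as documented", CHECKPOINT), ("broken", broken)):
        print(side, "->", audit(FIREBOX, cfg) or "no mismatches")
```
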

Test the Integration

To test the integration, from Fireware Web UI:

  1. Select System Status > VPN Statistics.
  2. Select the Branch Office VPN tab.
  3. Verify that the VPN is established.

  4. Verify that Host 1 (behind the Firebox) and Host 2 (behind the Check Point device) can ping each other.

© 2024 WatchGuard Technologies, Inc. All rights reserved. WatchGuard and the WatchGuard logo are registered trademarks or trademarks of WatchGuard Technologies in the United States and other countries. Various other trademarks are held by their respective owners.

FAQs

How to configure remote VPN in Check Point?

To configure a specific VPN Domain in the Security Gateway Object:
  1. Open the Network Management > VPN Domain page.
  2. In the line Set Specific Domain for Gateway Communities, click Set.
  3. Select the VPN Community for which it is necessary to override the VPN Domain and click Set.
  4. Select the applicable option:

How to set up BOVPN in WatchGuard?

For a complete list of settings, and a detailed example of how to configure settings for a BOVPN between two Fireboxes, go to Set up a VPN Between Two Fireware Devices (Web UI). Select VPN > Branch Office VPN. Below the Gateways list, click Add. In the Gateway Name text box, type a name to identify this gateway.

How to check WatchGuard VPN logs?

To view Mobile VPN log messages in the Windows VPN client, select Help > Logbook from the WatchGuard Mobile VPN Monitor. The Log Book dialog box opens.

What is a branch office VPN?

A VPN (Virtual Private Network) creates secure connections between computers or networks in different locations. Each connection is known as a tunnel. When a VPN tunnel is created, the two tunnel endpoints authenticate with each other.

How to connect VPN connection through Check Point firewall?

To add a new VPN site:
  1. Click New. The New VPN Site window opens in the Remote Site tab.
  2. Enter the Site name.
  3. Select the Connection type: ...
  4. Select an authentication method. ...
  5. Select the Remote Site Encryption Domain. ...
  6. Exclude networks - Select this option to exclude networks from the specified encryption domain. ...
  7. Click Apply.

What are the two components required to configure remote access VPN?

A remote access VPN comprises two key components: the network access server (NAS) and VPN client software (often called an app).

How to configure VPN WatchGuard Firebox?

Configure a Firebox with Mobile VPN (IKEv2)
  1. From a Subscriber account, select Configure > Devices.
  2. Select the Firebox.
  3. Select Device Configuration. The Device Configuration page opens.
  4. In the VPN section, select Add Mobile VPN. The Add Mobile VPN page opens.
  5. Select IKEv2.

How do I connect to WatchGuard access point?

To directly connect to the WatchGuard Access Point web UI on an AP with factory-default settings:
  1. Configure your computer to use these network settings: IP address 192.168.1.2, subnet mask 255.255.255.0, gateway 192.168.1.1.
  2. Connect your computer directly to the AP with an Ethernet cable.

How to create a VPN tunnel between two sites?

  1. Overview.
  2. Step 1: Create a VPN Gateway.
  3. Step 2: Create a Customer Gateway.
  4. Step 3: Create a VPN Tunnel.
  5. Step 4: Configure a Local Gateway.
  6. Step 5: Configure a Routing Policy.
  7. Step 6: Activate a VPN Tunnel.
Jan 9, 2024

How do I check my BOVPN status on WatchGuard?

Monitor VPN Tunnel Status

To monitor the current status of branch office VPN tunnels from Fireware Web UI, select System Status > VPN Statistics. To see the status and any VPN diagnostic messages if a VPN tunnel connection failed, click a gateway or tunnel.

What type of VPN is WatchGuard?

WatchGuard offers three choices for client-based VPN connectivity: Mobile VPN with IKEv2 - Mobile VPN with IKEv2 uses IPSec to provide superior encryption and authentication. Supports connections from a wide range of operating systems.

How do I log into WatchGuard Firebox?

Connect to Fireware Web UI at https://<Firebox-IP-address>:8080, where <Firebox-IP-address> is the IP address assigned to the trusted or optional interface on your device. When you make this connection, the browser loads the login page. The default URL for a WatchGuard Firebox is https://10.0.1.1:8080.

What is point to point VPN?

PPTP (Point-to-Point Tunneling Protocol) is a network protocol used to establish a secure VPN connection over the internet. Point-to-Point Tunneling Protocol facilitates the private transfer of data from a remote client to a server by encapsulating packets at a TCP/IP level.

What is BOVPN?

A BOVPN is a type of VPN that connects remote branch offices to a central headquarters. BOVPNs provide secure remote access to company resources, allowing employees to access critical data and applications from remote locations.

What is the difference between site-to-site and point to site?

Unlike site-to-site connections, point-to-site connections don't require an on-premises public-facing IP address or a VPN device. Point-to-site connections can be used with site-to-site connections through the same VPN gateway, as long as all the configuration requirements for both connections are compatible.

How to configure remote VPN?

How to configure a remote access VPN connection?
  1. Enable the VPN on the server network. ...
  2. Register users. Now that you have enabled the network and taken note of the necessary details, you will need to register each user who will use the remote access VPN. ...
  3. Configure the remote access VPN on the user device.

How do I set up a VPN on my access point?

To configure an Access Point VPN, follow these steps:
  1. Configure a Firebox with Mobile VPN (IKEv2)
  2. Add an Access Point Site.
  3. Add an SSID with NAT.
  4. Configure the Access Point VPN.
  5. Deploy the Site Configuration to an Access Point.
  6. Test the Access Point VPN.

How to create a VPN tunnel in Check Point?

Configure the VPN community:
  1. Enter the VPN community name.
  2. From the left tree, click Gateways. Select the applicable Security Gateways.
  3. From the left tree, click Encrypted Traffic. Select Accept all encrypted traffic. This automatically adds a rule. ...
  4. Configure other settings as necessary.

How do I set up a VPN for a different location?

You can set up a VPN and change your location in a few simple steps:
  1. Pick a reliable service provider like VeePN and sign up.
  2. Download and install a VPN app on your device.
  3. Open the Locations settings.
  4. Select a VPN server location that works for you.
  5. There it is – your IP address and location are changed.
Apr 29, 2024

Article information

Author: Jerrold Considine
