SonicWALL TZ170 manual On the SonicWALL units, On FireWall-1 NG, Testing

Page 1

SonicOS

Hub and Spoke TZ170 VPNs with Checkpoint NG

Introduction

This technote will detail all steps to get a Hub and Spoke setup between the SonicWALL SonicOS Enhanced and the Checkpoint NG. Within this setup the Checkpoint NG will be the HUB and 2 TZ170 units will be the Spokes.

Versions Used

ƒSonicOS 2.5.0.2 Enhanced on both TZ170 units

ƒCheckpoint FW-1 NGAI

Sample Diagram

Tasklist

On the SonicWALL units:

ƒCreate new network objects and groups

ƒCreate new VPN Policy for the Check Point FW-1 NG

ƒSpecify Destination Network(s), IKE Phase 1 and Phase 2 properties

On FireWall-1 NG:

ƒCreate local(Check Point) LAN network objects and group

ƒCreate remote(SonicWALL's) LAN network objects

ƒCreate new Interoperable Device objects

ƒEdit the Check Point Gateway object

ƒVerify the Topology

ƒManually define VPN Domain

ƒCreate new VPN Star Community

ƒEdit VPN Star community properties

ƒVerify Security Rules

ƒVerify Address Translation Rules

Testing

ƒVerify that traffic flows through the tunnel.

ƒVerify that applications function properly through the tunnel.

ƒVerify that the tunnel can reestablish if either side is disconnected.

ƒVerify that the network map and documentation match the running configuration.

Page 1 Page 2
Image 1
Page 1 Page 2
Contents On the SonicWALL units TestingOn FireWall-1 NG Before You Begin SonicWALL Setup Side AliceNetmask Page Page Ipsec Phase 2 Proposal IKE Phase 1 ProposalSonicWALL Setup Side Bob Netmask Page IKE Phase 1 Proposal Ipsec Phase 2 Proposal Check Point FireWall-1NG Setup Page Page Page Page Page Page Page Page Ipsec Phase 2 Properties IKE Phase 1 PropertiesDocument Created 11/16/2004 Last Updated 06/19/2008 Version
Top Page Image Contents