Manuals / SonicWALL / Computer Equipment / Switch

SonicWALL TZ170 manual Introduction, Versions Used, Sample Diagram Tasklist, On FireWall-1 NG

Models: TZ170

1 22

Download 22 pages 16.65 Kb

Page 1

SonicOS

SonicOS

Hub and Spoke TZ170 VPNs with Checkpoint NG

Introduction

This technote will detail all steps to get a Hub and Spoke setup between the SonicWALL SonicOS Enhanced and the Checkpoint NG. Within this setup the Checkpoint NG will be the HUB and 2 TZ170 units will be the Spokes.

Versions Used

SonicOS 2.5.0.2 Enhanced on both TZ170 units

Checkpoint FW-1 NGAI

Sample Diagram

Tasklist

On the SonicWALL units:

Create new network objects and groups

Create new VPN Policy for the Check Point FW-1 NG

Specify Destination Network(s), IKE Phase 1 and Phase 2 properties

On FireWall-1 NG:

Create local(Check Point) LAN network objects and group

Create remote(SonicWALL's) LAN network objects

Create new Interoperable Device objects

Edit the Check Point Gateway object

Verify the Topology

Manually define VPN Domain

Create new VPN Star Community

Edit VPN Star community properties

Verify Security Rules

Verify Address Translation Rules

Testing

Verify that traffic flows through the tunnel.

Verify that applications function properly through the tunnel.

Verify that the tunnel can reestablish if either side is disconnected.

Verify that the network map and documentation match the running configuration.

Image 1

SonicWALL TZ170 manual Introduction, Versions Used, Sample Diagram Tasklist, On the SonicWALL units, On FireWall-1 NG

Contents

Testing Sample Diagram TasklistIntroduction Versions UsedSonicWALL Setup Side Alice Setup StepsBefore You Begin Netmask Shared Secret HaRd!toGue55Al1c3 Name tocheckpoint IPSec Primary Gateway Name or AddressPeer IKE ID IP Address Next select the ‘Network’ tab Ipsec Phase 2 Proposal IKE Phase 1 ProposalSonicWALL Setup Side Bob Name checkpointlan Name tocheckpoint IPSec Primary Gateway Name or Address Shared Secret HaRd!toGue55B0b Local IKE ID SNWL Identifier HUB-TESTIKE Phase 1 Proposal Protocol ESP Encryption 3DES Authentication SHA1 DH Group Group Ipsec Phase 2 ProposalLife Time seconds Do not enable Perfect Forward Security Next select the ‘Advanced’ tabCheck Point FireWall-1NG Setup In this window, enter the object Name CPLAN Network Address Net Mask The ‘Network Properties’ window will then appearName NetworkAlice Network Address Net Mask Name NetworkBob Network Address Net Mask Net mask “255.255.255.255” Internal network “192.168.170.1” In this example External network “67.115.118.94”Net mask “255.255.255.0” internal is also referred to as ‘This Network’IP Address Next click ‘Topology’ on the left hand side In this window, under ‘General Properties’ enter Name SNWLAliceThe ‘Interoperable Device’ window will then appear IP Address Next click ‘Topology’ on the left hand side In this window, under ‘General Properties’ enter Name SNWLBobPage Page Ipsec Phase 2 Properties IKE Phase 1 PropertiesClick on VPN Properties Perform key exchange encryption with 3DESDocument Created 11/16/2004 Last Updated 06/19/2008 Version