Generate internal CA certificates for each gateway (done automatically).Create the gateway objects in SmartConsole and make sure that IPsec VPN is enabled on each one.How do you create a site-to-site VPN between the two gateways so that they can communicate securely? Scenario: Two Check Point gateways are managed by the same Security Management Server. Setting up Site-to-Site VPN between GatewaysĬonfirming that a VPN Tunnel Opens Successfully We invite you to learn more about our technology and architecture and to download and test the Enterprise version.Getting Started with Site-to-Site VPN In This Section: The WiKID Strong Authentication System is a very reasonably priced two-factor authentication solution. Now you should have properly configured two-factor authentication for your CheckPoint VPN. This will open up the firewall port to the new network client. From a terminal window, stop and start the WiKID Strong Authentication Server.Leave the Return Attributes empty (unless you know what you're doing) On the next page, enter the Shared Secret created above.Choose a WiKID domain to the network client.Create a name such as "Checkpoint Firewall/VPN".Next we add a specific network client for the Checkpoint firewall/vpn: You should be able to leave the settings as is and click 'Initialize'.Click on the 'Configuration' tab in the WiKIDAdmin web interface.On the WiKID Server, be sure to enable Radius: Give this server a priority if multiple Radius servers are configured.Select 'Radius version 1.0 Compatible'.If need be, you can change to port 1645 on WiKID but it is not recommended. 'New Radius should use port 1812, which is the default for WiKID. In the 'Service' field select 'New Radius'.In the 'Host' field enter the host name that was configured above.In the 'Comment' field enter comments of your choice, such as 'WiKID Radius interface'.In the 'Name' field assign a name for the Radius server.A Radius Server Properties window should be displayed. Click on 'New', from the menu select Radius.For clarity, enter "WiKID two-factor authentication" or some such for a comment.Ĭonfigure the WiKID Strong Authentication Radius interface in the Check Point Policy Editor. In the Workstation Properties window, enter the workstation name, IP Address, choose 'Host' for Type.Click on 'Manage' then 'Network Objects'.Start by adding the workstation object for a Radius server in the Check Point Policy Editor:
This document provides information on how to enable the Radius interface on FireWall-1 to accept one-time passwords from the WiKID Strong Authentication System. We assume that you have already installed Check Point VPN-1/FireWall-1.
0 kommentar(er)
