Saturday, August 22, 2015

Check Point site-to-site VPN with specific route

Following my previous post, where we routed all traffic from site B through site A, in this post I will demonstrate how to route only specific sites (hosts on the internet) through site A, so that traffic to them leaves from site A's public IP.

Again, each site is managed independently, so there are two Security Management Servers.

Create a local VPN domain object that includes all of the site's local networks:


Create a remote VPN domain object that includes all remote networks plus the specific IPs we want to route through the remote peer, in this case noc.co.il (93.31.35.145):

These are the community object settings:



Do not check "Accept all encrypted traffic" (otherwise the firewall policy rules below are not what controls which traffic is allowed through the tunnel).

And the firewall policy, which allows and encrypts traffic between the sites:


Note that these settings should be configured on both sites using the relevant information for each site.

On the remote site we also have to add two more things. The firewall policy, allowing the local networks of the other site to reach the specific IPs:


And the NAT policy, hiding that traffic behind the remote site's public IP:



Install the policy on both sites and that's it!
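To make the behaviour of the objects above concrete, here is a small model, added here as an example and not taken from the post or from Check Point, of the two decisions the configuration relies on: domain-based VPN matching on site B (a packet goes into the tunnel only when its source is in the local VPN domain and its destination is in the remote peer's VPN domain, which is why adding 93.31.35.145 to the remote domain object is enough to pull that traffic into the tunnel), and the access and hide-NAT decision on site A. The networks 10.1.0.0/16 and 10.2.0.0/16, the public IP 203.0.113.10 and the function names are constructed assumptions; only 93.31.35.145 comes from the post.

```python
from ipaddress import ip_address, ip_network

# Constructed sample topology (assumption; the real objects live in SmartDashboard).
SITE_A_NETS = [ip_network("10.1.0.0/16")]          # site A local networks (assumed)
SITE_B_NETS = [ip_network("10.2.0.0/16")]          # site B local networks (assumed)
SPECIFIC_HOSTS = [ip_network("93.31.35.145/32")]   # noc.co.il, from the post
SITE_A_PUBLIC_IP = ip_address("203.0.113.10")      # RFC 5737 placeholder (assumed)

# VPN domain objects as seen from site B's management server.
SITE_B_LOCAL_DOMAIN = SITE_B_NETS
SITE_B_REMOTE_DOMAIN = SITE_A_NETS + SPECIFIC_HOSTS

# VPN domain objects as seen from site A's management server (mirror image).
SITE_A_LOCAL_DOMAIN = SITE_A_NETS + SPECIFIC_HOSTS
SITE_A_REMOTE_DOMAIN = SITE_B_NETS


def in_domain(addr, domain):
    """True when addr falls inside any network of the VPN domain object."""
    return any(addr in net for net in domain)


def site_b_vpn_decision(src, dst, local_domain=SITE_B_LOCAL_DOMAIN,
                        remote_domain=SITE_B_REMOTE_DOMAIN):
    """Domain-based VPN matching on the site B gateway.

    Returns "encrypt" when the packet belongs in the tunnel to site A and
    "clear" when it is sent out of site B's own internet link unencrypted.
    """
    src, dst = ip_address(src), ip_address(dst)
    if in_domain(src, local_domain) and in_domain(dst, remote_domain):
        return "encrypt"
    return "clear"


def site_a_egress_decision(src, dst, site_b_nets=SITE_B_NETS,
                           specific_hosts=SPECIFIC_HOSTS,
                           public_ip=SITE_A_PUBLIC_IP):
    """Access + hide-NAT decision on the site A gateway for decrypted traffic
    that came in over the tunnel from site B.

    Models the two extra rules the post adds on the remote site: an access
    rule allowing site B networks to the specific hosts, and a hide-NAT rule
    translating the source to site A's public IP.  Anything else is dropped,
    which assumes an implicit/cleanup drop rule at the end of the rulebase.
    Returns (action, translated_source).
    """
    src, dst = ip_address(src), ip_address(dst)
    if in_domain(src, site_b_nets) and in_domain(dst, specific_hosts):
        return ("accept", public_ip)
    return ("drop", None)


def trace(src, dst):
    """Follow one packet from a site B host through both gateways."""
    vpn = site_b_vpn_decision(src, dst)
    if vpn != "encrypt":
        return {"site_b": vpn, "site_a": None}
    action, translated = site_a_egress_decision(src, dst)
    return {"site_b": vpn, "site_a": action,
            "seen_by_destination_as": str(translated) if translated else None}


if __name__ == "__main__":
    # Constructed flows: the specific host, an arbitrary internet host, and
    # site-to-site traffic that is tunnelled but never reaches the NAT rule.
    for flow in [("10.2.0.5", "93.31.35.145"),
                 ("10.2.0.5", "198.51.100.7"),
                 ("10.2.0.5", "10.1.0.20")]:
        print(flow, "->", trace(*flow))
```

The third flow shows the caveat in the model: site-to-site traffic to 10.1.0.20 is encrypted but is not matched by the specific-host access and NAT rules on site A, so it is handled by whatever rules the inter-site policy already has; in the real rulebase that is the "allow and encrypt traffic between the sites" rule from the first part of the post.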

Products List:
CP-CLUSTER – Check Point R77.20
CP-SG3 – Check Point R77.30

