- Products
- Network Security
- Threat Protection
- Secure Access Service Edge (SASE)
- Cloud Security
- Endpoint Security
- Email Security
- Secure Access
-
Wi-Fi 6 Access Points
SonicWall SonicWave 600 series access points provide always-on, always-secure connectivity for complex, multi-device environments.
Read More
- Solutions
- Industries
- Use Cases
- Solutions Widgets
- Solutions Content Widgets
Federal
Protect Federal Agencies and Networks with scalable, purpose-built cybersecurity solutions
- Solutions Image Widgets
-
- Partners
- SonicWall Partners
- Partner Resources
- Partner Widgets
- Custom HTML : Partners Content WIdgets
Partner Portal
Access to deal registration, MDF, sales and marketing tools, training and more
- Partners Image Widgets
-
- Support
- Support
- Resources
- Capture Labs
- Support Widget
- Custom HTML : Support Content WIdgets
Support Portal
Find answers to your questions by searching across our knowledge base, community, technical documentation and video tutorials
- Support Image Widgets
-
- COMPANY
- PROMOTIONS
- MANAGED SERVICES
- Contact Sales
-
- Menu
- Solutions
- Solutions Widgets
- Solutions Image Widgets
-
- Solutions Widgets
- Partners
- Partner Widgets
- Partners Image Widgets
-
- Partner Widgets
- Support
- Support Widget
- Support Image Widgets
-
- Support Widget
- Solutions
- Solutions Widgets
- Solutions Image Widgets
-
- Solutions Widgets
- Partners
- Partner Widgets
- Partners Image Widgets
-
- Partner Widgets
- Support
- Support Widget
- Support Image Widgets
-
- Support Widget
Configuring a Third-Party Gateway using a CheckPoint with a SonicWall SSL-VPN appliance
03/26/2020 
4 People found this article helpful
198,446 Views
Description
Configuring a Third-Party Gateway using a CheckPoint with a SonicWall SSL-VPN appliance
Resolution
Setting up a SonicWall SSL-VPN with Check Point AIR 55
The first thing necessary to do is define a host-based network object. This is done under the file menu “Manage” and “Network Objects”.
Check Point Host Node Object Dialog Box Image
The object is defined as existing on the internal network. Should you decide to locate the SonicWall SSL-VPN on a secure segment (sometimes known as a demilitarized zone) then subsequent firewall rules will have to pass the necessary traffic from the secure segment to the internal network.
Next, select the NAT tab for the object you have created.
Check Point NAT Properties Dialog Box Image
Here you will enter the external IP address (if it is not the existing external IP address of the firewall). The translation method to be selected is static. Clicking OK will automatically create the necessary NAT rule shown below.
Check Point NAT Rule Window Image
Static Route
Most installations of Check Point AIR55 require a static route. This route will send all traffic from the public IP address for the SonicWall SSL-VPN to the internal IP address.
#route add 64.41.140.167 netmask 255.255.255.255 192.168.100.2
ARP
Check Point AIR55 contains a feature called auto-ARP creation. This feature will automatically add an ARP entry for a secondary external IP address (the public IP address of the SonicWall SSL-VPN). If running Check Point on a Nokia security platform, Nokia recommends that users disable this feature. As a result, the ARP entry for the external IP address must be added manually within the Nokia Voyager interface.
Finally, a traffic or policy rule is required for all traffic to flow from the Internet to the SonicWall SSL-VPN.
Check Point Policy Rule Window Image
Again, should the SonicWall SSL-VPN be located on a secure segment of the Check Point firewall, a second rule allowing the relevant traffic to flow from the SonicWall SSL-VPN to the internal network will be necessary.
Excerpted from SSL-VPN 2.1 Administrator’s Guide
Related Articles
- Printer Redirection with RDP through Secure Mobile Access
- EPC check based on Windows version
- SMA1000: How to manage Connect Tunnel client Auto-updates
YES
NO