Posts

Checkpoint Objects

Objects are the central piece of most of the firewalls that currently exist, be it the traditional stateful firewalls or the over-used term “Next-Generation” firewall. Objects are the containers for IP addresses, subnets and services, i.e. ports. The rationale being: create an object; use that object in the firewall rules, NAT policies, VPN communities etc.; in case the IP address / port needs to be changed, simply make that change in the object, so that the changes get automatically reflected in all the firewall rules, NAT policies and VPN communities that use the object. This is the sole purpose of the objects’ existence (besides making the IP addresses or ports more admin friendly). Multiple network or service objects are grouped together in a Network or Service group. Depending on the type of the value that goes into the object, Checkpoint has multiple types of objects: Network Object, Host Object, Network Group, Service Object. The Checkpoint objects in R80.x can be created from the main...

Checkpoint R80.10 IPSEC VPN Configuration - Part 1

Pre-requisites: a basic understanding of IPSec VPNs and of what parameters go into building an IPSec VPN.

1. Configuration of Interoperable device: In the Checkpoint realm, any device that must be paired with the Security Gateway is called an “Interoperable device”. In the case of an IPSec VPN, if your Checkpoint Gateway is forming a VPN with a non-Checkpoint firewall, that non-Checkpoint firewall will be called an “Interoperable device”. The Interoperable device can be configured as below:

3. Configuration of VPN community parameters:

1. Declare the Center and Satellite (peer) Gateways between which the VPN will be configured.
2. Encrypted traffic allowed between the gateways.
3. Define phase 1 and phase 2 tunnel parameters.
4. Define tunnel management parameters: usually not changed and kept at default, as below:
5. VPN routing: self-explanatory.

We shall continue the remaining configuration in Part 2 of this tutorial.