Setting up site-to-site on Check Point
  • 2 Minutes to read

Setting up site-to-site on Check Point


Note: If your device/service supports SHA256 and DH group 14, it is recommended to use these settings instead.

Creating a gateway object at the Check Point Smart Console

  1. Open the Check Point Smart Console

  2. Go to Security Policies

  3. Add NordLayer Private Gateway as an object as shown in the image below. Please make sure you have the IP of your NordLayer dedicated server

01 Setting up site-to-site on Check Point.png

02 Setting up site-to-site on Check Point.png

Creating a VPN Star community

  1. Create a new Star Community

03 Setting up site-to-site on Check Point.png

  1. Fill in the following information:
  • Specify an Object Name of your own choice
  • Add your NordLayer gateway as Center Gateway
  • Add your external Firewall IP as Satellite Gateways
  1. Go to Shared Secret

  2. Add a **Shared Secret **and write it down as we will also need this value on our end. Please note: Check Point recommends choosing a shared secret that contains at least 20 characters

04 Setting up site-to-site on Check Point.png

  1. Go to Encryption and set IKE Security

05 Setting up site-to-site on Check Point.png

  1. Go to Tunnel Management

  2. Set VPN Tunnel Sharing to One VPN tunnel per Gateway pair

06 Setting up site-to-site on Check Point.png

  1. Select OK

Additional settings at the Check Point Smart Console

  1. Under Check Point firewall policy, add a rule for any to any, in and out to 10.6.0.0/20

  2. Create a Network group with All local networks to be trusted with the VPN tunnels

07 Setting up site-to-site on Check Point.png

Adding the NordLayer gateway IP and remote subnet

  1. Open the NordLayer object you created

  2. Go to Topology

  3. Select New at the top

  4. Under the General tab, fill in Name, IP Address, and Net Mask

  5. Add NordLayer remote subnet 10.6.0.0 as IP Address

  6. Add "255.255.240.0" as Net Mask

08 Setting up site-to-site on Check Point.png

  1. Open the Topology tab. Select Network defined by the interface IP and Net Mask

09 Setting up site-to-site on Check Point.png

  1. Select OK

  2. Go to Topology

  3. Select New at the top

  4. Under the General tab, fill in Name, IP Address, and Net Mask

  5. Add the IP of your NordLayer gateway xxx.xxx.xxx.xxx as IP Address

  6. Add "255.255.255.255" as Net Mask

  7. Open the Topology tab. Select External (leads out to the internet)

  8. Select OK

  9. Publish and Install Policy

Ending note:

In order to finalize the site-to-site setup on our end, please provide these values via Site-to-site request from in the NordLayer Control Panel:

  • Pre-shared key - you can generate it or we can provide it
  • Encryption  details (AES, SHA and DH group) - AES256, SHA256 and DH group 14 are recommended (also must support IKEv2)
  • Remote gateway/router public IP (must be reachable while connected to the dedicated server)
  • Remote subnet and mask (the subnet is used in your local network)

Note: In case you are experiencing different results, make sure that you have you carefully gone through all the steps. Having said that, in case the issue persists please feel free to contact our 24/7 customer support team.


Was this article helpful?