2008-04-20
chillyjim
Re: Check Point VPN design

Not to start the next holy war here but...

S2S VPN: if you do not manage both sites and both sites are not Check Point, then I agree you might as well let the router do it.

If both sites are managed by you and they are Check Point, it's just too easy to let the VPN-1 do it.

As for client-to-site (aka remote access): VPN-1, or if you really want Cisco, then an ASA, not a router.

Now as for MEP, if it's all Check Point under the same SmartCenter/P-1, it will pretty much take care of itself when you have multiple center gateways for a remote access community.

For an S2S, you need to go to advanced settings->MEP to enable it.

If this is a full DR site, with replicated servers and the like, you need the firewall. If it's just a POP with a leased line back to the main site, and that line terminates outside the firewall, then don't worry about it.