Creating a Certificate Based Site to Site VPN between 2 Check Point Gateways

This example will show you how to create a certifcate based VPN between 2 Check Point firewalls which are managed via different Smart Centre Servers.
Please note that simplified mode VPN was used along with the Check Point version being R65.

Site A

Create VPN Community

1. Within your Gateway Object add you local domain to "Topology | VPN Domain | Manually Defined"
2. Within Network Objects create a Externally Managed VPN gateway (For Site B) and add its local domain.
3. Goto the VPN communities Tab and Right Click "Site To Site" and select "New" then "Mesh".
4. Give your Community a name
5. Select "Accept all encrypted traffic"
6. Within Participates add your Gateways.
7. Click Ok.

Export the Certificate

1. Within the Servers and OPSEC applications tab right click "Servers > Trusted CAs > Internal CA" and select "New > CA > Trusted > New CA > Trusted."
2. Enter a name for your Certificate (such as VPN-CERT)
3. Under the Certificate Authority Type choose "External Check Point CA"
4. Click the External Check Point CA tab and select "Save As".
5. Save the Certificate

Site B

Create VPN Community

1. Within your Gateway Object add you local domain to "Topology | VPN Domain | Manually Defined".
2. Within Network Objects create a Externally Managed VPN gateway (For Site A) and add its local domain.
3. Goto the VPN communities Tab and Right Click "Site To Site" and select "New" then "Mesh".
4. Give your Community a name
5. Select "Accept all encrypted traffic"
6. Within Participates add your Gateways.
7. Click Ok.

Import the Certificate

1. Within the Servers and OPSEC applications tab right click Servers and select "New > CA > Trusted"
2. Enter a name such as VPN-CERT.
3. Under the Certificate Authority Type choose "External Check Point CA".
4. Click the External Check Point CA tab and select "Get".
5. Import the previously saved certificate from Site A.