Infinity CHECK POINT 1100 Administration Manual page 12

To configure blades now:
1. Select Activate and configure software blades now.
2. Select the check boxes next to the blades you want to activate and configure.
3. Configure the required options:
• NAT - the Hide internal networks behind the Gateway's external IP checkbox is selected
by default.
• QoS - Set the inbound and outbound bandwidth rates.
IPSec VPN - Make sure that the VPN community has been predefined. If it is a star
•
community, the Check Point Appliance is added as a satellite gateway. Select a VPN
community that the Gateway participates in from the Participate in a site to site
community list.
• IPS - Select a profile from the Assign IPS Profile list or click Manage to create/edit an IPS
profile.
• User Awareness - Complete the wizard pages that open to define the User Awareness
acquisition sources. In the Active Directory Servers page of the wizard, make sure to select
only AD servers that your gateway works with.
4. Click Next.
To hide the VPN domain:
Select Hide VPN domain behind this gateway's external IP.
Select this option only if you want to hide all internal networks behind this gateway's external IP.
All outgoing traffic from networks behind this gateway to other sites that participate in VPN
community will be encrypted.
With this option, connections that are initiated from other sites that are directed to hosts behind
this gateway are not encrypted. If you need access to hosts behind this gateway, select other
options (define VPN topology) or make sure all traffic from other sites is directed to this gateway's
external IP and define corresponding NAT port-forwarding rules, such as: Translate the
destination of incoming HTTP connections that are directed to this gateway's external IP to the IP
address of a web server behind this gateway.
To create a new VPN domain group:
1. Make sure that the Create a new VPN domain option is selected.
2. In the Name field, enter a name for the group.
3. From the Available objects list, select the applicable objects and click Add. The objects are
added to the VPN domain members list.
To select a predefined VPN domain:
1. Click Select an existing VPN domain.
2. From the VPN Domain list, select the domain.
3. Click Next.
In the Installation Wizard Completion page, you see a summary of the configuration
parameters you set.
4. If you want to configure more options of the Security Gateway, select Edit Gateway properties
for further configuration.
5. Click Finish.
The General Properties window of the newly defined object opens.
Check Point 1100/1200R/1400 Appliances Centrally Managed Administration Guide R77.20.70
Installation
| 12