There you have to fill in information like the WAN IP of your FortiGate and, under “Topology”, the local subnet you want to tunnel from the FortiGate to the Check Point.
I would generally advise you to create Network Objects for both your Check Point local subnet and your FortiGate local subnet that should be reachable by VPN. Best practice: Use object names that are self-explanatory.
New > Network
Best practice: Create a host Object with the IP of the WAN interface of your Check Point, in case the main IP of your Check Point Object is the internal IP address. This object can be used in the rulebase when configuring access rules.
Configure the VPN Community, install the Security Policy on your Check Point VPN Gateway, and you should see the VPN tunnel in the monitoring with status: Down. After completing the VPN configuration on your FortiGate, the VPN tunnel should come up.
Before you create a VPN Community, make sure that the IPsec VPN Blade is enabled on your Check Point.
General Properties > Network Security > IPsec VPN
The next step is to create a new VPN Community. (This can be either Star or Mesh VPN.)
New > More > VPN Community > Star Community
Best practice: Use a name that is self-explanatory.
Select your two Gateways, with the Check Point as the Center Gateway and the FortiGate as the Satellite Gateway.
Select the correct encryption parameters you exchanged with your partner.
Set the shared secret.
Set the correct IKE/IPsec renegotiation times and toggle NAT according to your setup.
After you have saved the configuration, you can check the state of your VPN tunnel with a SmartConsole Extension, where you will see that the tunnel is down because you haven’t configured your FortiGate yet.
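Before configuring the FortiGate side, it helps to compare the parameter sheet you exchanged with your partner against what you entered in the VPN Community. The following is an added example, not part of the original article: a small pre-flight check that normalises the lifetime units, compares both sides, flags weak algorithms and checks that the two local subnets do not overlap. All key names and values are constructed placeholders; it assumes the Check Point IKE (phase 1) renegotiation time is entered in minutes and the IPsec (phase 2) time in seconds, while FortiGate key lifetimes are entered in seconds.

```python
import ipaddress

# Constructed parameter sheets (placeholders, not values from the article).
# Assumed units: Check Point IKE (phase 1) in minutes, IPsec (phase 2) in
# seconds; FortiGate key lifetimes in seconds for both phases.
CHECKPOINT = {"ike_version": 2, "p1_enc": "AES-256", "p1_hash": "SHA256", "dh_group": 14,
              "p2_enc": "AES-256", "p2_hash": "SHA256",
              "p1_life_min": 1440, "p2_life_sec": 3600, "subnet": "10.1.0.0/24"}
FORTIGATE = {"ike_version": 2, "p1_enc": "AES-256", "p1_hash": "SHA256", "dh_group": 14,
             "p2_enc": "AES-256", "p2_hash": "SHA256",
             "p1_life_sec": 86400, "p2_life_sec": 43200, "subnet": "10.2.0.0/24"}

# Algorithms and DH groups that should not be agreed on for a new tunnel.
WEAK = {"p1_enc": {"DES", "3DES"}, "p2_enc": {"DES", "3DES"},
        "p1_hash": {"MD5"}, "p2_hash": {"MD5"}, "dh_group": {1, 2, 5}}

COMPARE = ("ike_version", "p1_enc", "p1_hash", "dh_group",
           "p2_enc", "p2_hash", "p1_life_sec", "p2_life_sec")

def normalise(sheet):
    """Return a copy with the phase 1 lifetime expressed in seconds."""
    out = dict(sheet)
    if "p1_life_min" in out:
        out["p1_life_sec"] = out.pop("p1_life_min") * 60
    return out

def preflight(cp, fg):
    """Compare both sheets; return a list of findings (empty = consistent)."""
    cp, fg = normalise(cp), normalise(fg)
    findings = []
    for key in COMPARE:
        if cp[key] != fg[key]:
            findings.append(f"MISMATCH {key}: Check Point={cp[key]} FortiGate={fg[key]}")
    for key, weak in WEAK.items():
        for side, sheet in (("Check Point", cp), ("FortiGate", fg)):
            if sheet[key] in weak:
                findings.append(f"WEAK {key} on {side}: {sheet[key]}")
    a = ipaddress.ip_network(cp["subnet"])
    b = ipaddress.ip_network(fg["subnet"])
    if a.overlaps(b):  # overlapping local subnets cannot be routed through the tunnel
        findings.append(f"OVERLAP local subnets {a} and {b}")
    return findings

if __name__ == "__main__":
    for line in preflight(CHECKPOINT, FORTIGATE) or ["OK: sheets are consistent"]:
        print(line)
```

With the constructed sheets, the phase 1 lifetimes agree once converted (1440 minutes equals 86400 seconds), and the only finding is the differing phase 2 lifetime.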