Chapter 10: Configuring Virtual Private Networks

Introduction

Many organizations are using virtual private networks (VPNs) over the Internet in order to have a secure channel for remote offices, business partners , and mobile users to access their internal networks. For many, the VPN is replacing dedicated Frame Relay circuits or dial-in VPN services for their organizational needs.

For example, let s say that your office headquarters is in Hartford, Connecticut, but you have a small, remote office located in Tampa, Florida. You could set up a gateway-to-gateway VPN between these two offices so that they can share each other s resources on the network through an encrypted channel over the Internet. The communication between these two branches is secured by the endpoints of the connection, which are the firewalls at each location.

This chapter discusses the different types of encryption available to you in VPN-1/FireWall-1 Next Generation with Application Intelligence and explains this technology to you so that you ll understand how it is working. Check Point makes it easy to set up a VPN using its SmartDashboard, and this chapter will show you how to configure VPNs between gateways and to mobile clients . Then we will demonstrate how to install the SecuRemote client software. (If you are interested in desktop security for the client, we cover that topic in the next chapter.) Even though they will use the same installation binary, much has to do with the licensing you have purchased and a few configuration options on the server-side.

A bit of theory is necessary before beginning the process of describing how to set up VPNs with Check Point NG AI. You should first understand the basics of encryption algorithms, key exchange, hash functions, digital signatures, and certificates so that you can feel comfortable troubleshooting and deploying VPNs.