1. Ensure the Appliance is Running the Latest Firmware:
    • Ensure your appliance runs the latest firmware version available. This ensures you have the latest features and fixes.
  2. Configure the VPN Site-to-Site Encryption Domain Manually:
    • Configuring the local VPN Site-to-Site encryption domain manually is recommended instead of keeping it automatically configured.
  3. Change the VPN Site-to-Site Global Settings:
    • From the WebUI, go to "Device -> Advanced Settings".
    • Search for "VPN Site to Site global settings - Use internal IP address for encrypt".
    • Change the value to True.

This setting forces originating VPN connections from the local gateway to use an internal interface IP address instead of the external IP WAN/DMZ.

Screenshot of Check Point 790 Appliance interface showing the 'VPN Site to Site Global Settings' with the option to use internal IP addresses for encrypted connections highlighted, including type, default value, and description.

  1. Configure the VPN Domain:
    • Ensure that the VPN domain (encryption domain) includes the internal network that needs to communicate with the Active Directory server on the other side of the VPN tunnel.
    • If necessary, set the VPN domain to "Manually defined" and include the relevant internal network.
  2. Verify the VPN Configuration:
    • Ensure that the VPN tunnel is properly established between the Check Point 1575 appliance and the pfSense device.
    • Verify that the internal traffic is being routed through the VPN tunnel.
  3. Test the Configuration:
    • Test the Active Directory authentication to ensure that the traffic is correctly routed through the VPN and that the Active Directory server is reachable.

By following these steps, you should be able to route the Check Point Quantum Spark appliance's internal traffic through the IPsec VPN.
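Before testing Active Directory authentication, the address planning behind the steps above can be sanity-checked offline. The following is an added example, not code from Check Point or from the original answer. It uses a simplified model in which traffic enters the tunnel only when its source is in the local encryption domain and both ends match the peer's Phase 2 networks; all addresses and names are constructed assumptions.

```python
import ipaddress

def in_any(ip, networks):
    """True if ip falls inside at least one of the CIDR networks."""
    addr = ipaddress.ip_address(ip)
    return any(addr in ipaddress.ip_network(n) for n in networks)

def check_gateway_traffic(source_ip, dest_ip, local_domain, peer_local, peer_remote):
    """Return the reasons source_ip -> dest_ip would stay out of the tunnel.

    local_domain: encryption domain defined manually on the appliance
    peer_local / peer_remote: local and remote networks of the peer's Phase 2 entries
    An empty list means the flow matches on both sides (simplified model).
    """
    problems = []
    if not in_any(source_ip, local_domain):
        problems.append(f"source {source_ip} is outside the local encryption domain")
    if not in_any(source_ip, peer_remote):
        problems.append(f"source {source_ip} is not in the peer's remote networks")
    if not in_any(dest_ip, peer_local):
        problems.append(f"destination {dest_ip} is not in the peer's local networks")
    return problems

# Constructed sample values (private and documentation ranges), not from the page.
LOCAL_DOMAIN = ["192.168.10.0/24"]   # manually defined on the appliance
PEER_LOCAL = ["10.20.0.0/24"]        # remote network holding the AD server
PEER_REMOTE = ["192.168.10.0/24"]    # what the peer expects from our side
INTERNAL_IP = "192.168.10.1"         # appliance internal (LAN) interface
EXTERNAL_IP = "203.0.113.10"         # appliance external (WAN) interface
AD_SERVER = "10.20.0.5"

if __name__ == "__main__":
    # Compare gateway-originated traffic with the setting True (internal source)
    # against the default behaviour (external source).
    for label, src in (("internal IP as source", INTERNAL_IP),
                       ("external IP as source", EXTERNAL_IP)):
        issues = check_gateway_traffic(src, AD_SERVER, LOCAL_DOMAIN,
                                       PEER_LOCAL, PEER_REMOTE)
        print(label, "->", "matches tunnel" if not issues else "; ".join(issues))
```

Replace the sample lists with the networks actually configured on both devices. Any reported problem points to the side whose encryption domain or Phase 2 entry needs adjusting.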


