User guide
Adding and Editing VPN Sites
634 Check Point Safe@Office User Guide
In this field…
Do this…
Specify
Configuration
Click this option to provide the network configuration manually.
Route All Traffic Click this option to route all network traffic through the VPN site.
For example, if your VPN consists of a central office and a number of
remote offices, and the remote offices are only allowed to access Internet
resources through the central office, you can choose to route all traffic
from the remote offices through the central office.
Note: You can only configure one VPN site to route all traffic.
Route Based VPN Click this option to create a virtual tunnel interface (VTI) for this site, so
that it can participate in a route-based VPN.
Route-based VPNs allow routing connections over VPN tunnels, so that
remote VPN sites can participate in dynamic or static routing schemes.
This improves network and VPN management efficiency for large
networks.
For constantly changing networks, it is recommended to use a route-based
VPN combined with OSPF dynamic routing. This enables you to make
frequent changes to the network topology, such as adding an internal
network, without having to reconfigure static routes.
OSPF is enabled using CLI. For information on using CLI, see Controlling
the Appliance via the Command Line on page 711. For information on
the relevant commands for OSPF, refer to the Embedded NGX CLI
Reference Guide.
This option is only available when configuring a Site-to-Site VPN gateway.
Destination network Type up to three destination network addresses at the VPN site to which
you want to connect.