User's Manual Part 3
Overview
304 Check Point Safe@Office User Guide
Check Point SecuRemote VPN Client, provided for free with your
Safe@Office, or from another Safe@Office.
• Internal VPN Server. SecuRemote can also be used from your internal
networks, allowing you to secure your wired or wireless network with
strong encryption and authentication.
• Site-to-Site VPN Gateway. Can connect with another Site-to-Site VPN
Gateway in a permanent, bi-directional relationship.
• Remote Access VPN Client. Can connect to a Remote Access VPN Server,
but other VPN sites cannot initiate a connection to the Remote Access
VPN Client. Defining a Remote Access VPN Client is a hardware
alternative to using SecuRemote software.
Both Safe@Office 500 and 500W provide full VPN functionality. They can act as a
Remote Access VPN Client, a Remote Access VPN Server for multiple users, or a
Site-to-Site VPN Gateway.
A virtual private network (VPN) must include at least one Remote Access VPN
Server or gateway. The type of VPN sites you include in a VPN depends on the
type of VPN you want to create, Site-to-Site or Remote Access.
Note: A locally managed Remote Access VPN Server or gateway must have a static
IP address. If you need a Remote Access VPN Server or gateway with a dynamic
IP address, you must use SofaWare Security Management Portal (SMP)
management.
A SecuRemote or Safe@Office Remote Access VPN Client can have a dynamic IP
address, regardless of whether it is locally or remotely managed.
Note: This chapter explains how to define a VPN locally. However, if your appliance
is centrally managed by a Service Center, then the Service Center can
automatically deploy VPN configuration for your appliance.
Site-to-Site VPNs
A Site-to-Site VPN consists of two or more Site-to-Site VPN Gateways that can
communicate with each other in a bi-directional relationship. The connected