How to set up a Check Point virtual private network appliance

The value of VPN

Check Point Software’s unified threat management (UTM) devices are popular for small and large businesses, alike. Why? Check Point’s product line uses the same protective measures and software code in almost a dozen differently sized UTM appliances. This is especially beneficial for small businesses because they can leverage what Check Point puts into making its products secure enough for large enterprises. Read on for more on how to set up a Check Point virtual private network (VPN) appliance.

1. Get started with a virtual private network (VPN).

We will focus here on setting up a virtual private network (VPN) using a representative model, the Check Point 620, for which you’ll administer the devices via a web browser.

This particular model has eight wired ports and a wireless access point, and can be configured to support a single flat network or have each of its ports operate on separate virtual LANs. One of the nice features is that it can support up to four separate wireless networks, each with its own ID. This means you can add a guest wireless network with just a few mouse clicks and with an obvious link on the wireless settings screens. You can also segregate wireless traffic into its own virtual LAN for better protection with another mouse click.

Wondering why VPN? Learn more about the reasons you need a virtual private network for remote network access by employees working from home or other remote locations.

2. Access Check Point’s web-based management dashboard.

Check Point also offers an online documentation reference. The web-based management dashboard has summary statistics and links to each of its protective features in tabs across the top.

Clear tabs across the top of Check Point UTM’s management dashboard cover the different security features.
Clear tabs across the top of Check Point UTM’s management dashboard cover the different security features.

3. Choose your VPN on Check Point’s setup wizard.

Everything for the VPN is found under that labeled tab on the main dashboard. The setup wizard prompts you to check a box to enable administrative access over the VPN link if you plan on administering the device remotely.

The initial setup wizard will determine whether to permit management access from the VPN or wireless networks.
The initial setup wizard will determine whether to permit management access from the VPN or wireless networks.

Next, choose which kind of VPN to run. There are two basic types: remote access or site-to-site VPN. Both are accessible from the main menu with a simple mouse click. Remote access is for enabling employees to access the business network from outside the office, such as from home or a coffee shop. Site-to-site VPN is for bridging multiple office networks together, such as to link a remote office to the main business location.

Choose the particular type of VPN on this screen.
Choose the particular type of VPN on this screen.

4. Enable or disable the remote access VPN.

You’ll find the main series of VPN controls on the summary screen, as shown below. Click to enable the remote access VPN, allowing traffic from remote users, or disable. You can also choose whether to log this traffic.

Check Point’s VPN controls are very clearly labeled, making it easy to follow the instructions.
Check Point’s VPN controls are very clearly labeled, making it easy to follow the instructions.

The above screen lists four different types of remote access VPNs:

  • Using the Check Point client software.
  • Using special mobile VPN software.
  • Connecting via an SSL VPN.
  • Using the native Windows L2TP VPN client.

Check the boxes for whichever access protocols you want to allow and then click on the link for connection instructions. Start with the first option if you have a Mac or Windows PC for the best balance between protection and configuration hassles.

5. Install your connection regimen.

Check Point gives you very specific installation and operation instructions for each type of connection regimen and provides a means of emailing instructions. Here’s an example for installing the mobile client.

Instructions on how to install the mobile client, as an example, are also straightforward.
Instructions on how to install the mobile client, as an example, are also straightforward.

Note the links to download the particular VPN clients from Google Play and the Apple App store.

6. Set up a dynamic DNS service.

Finally, if the UTM appliance is not assigned a static IP address from your Internet service provider, you should set up a dynamic DNS service. This makes it easier to access. Check Point supports several different such services. More information is available on the main VPN screen.

Check Point makes setting up a VPN rather easy. But if you run into snags along the way or have something to share with the online community, leave your thoughts in the comments below. Good luck!

Learn about the four types of SSL certificates available.

Wildcard SSL Certificate
Extended Validation SSL Certificate
SAN SSL Certificate
Organization Validation SSL Certificate


Also published on Medium.

Image by: Giorgio Montersino via Compfight cc

David Strom
David Strom is one of the leading experts on network and Internet technologies and has written and spoken extensively on topics such as VOIP, convergence, email, cloud computing, network management, Internet applications, wireless and Web services for more than 25 years. David is a frequent speaker, panel moderator and instructor at various industry events and trade shows around the world, and has also has taught computer networking classes at the high school level and a graduate business class in management information systems theory.