Firewall behind Peplink Balance VPN Router


I am planning for VPN between HO and Branch Offices using MediaFast 500 at HO and Mediafast 200 at Branch offices. The Mediafast will connect to internet with Caching enabled at all sites. At HO, a CheckPoint firewall is placed behind the Mediafast 500 to protect the internal LAN.
The Branch offices need to access some of the servers hosted in the internal LAN of the HO. Also there will be some roaming users who need to access these servers from outside.
Can someone suggest me how to do this configuration?
Is there Peplink VPN client software which the roaming users can use to establish VPN to HO?



The MediaFast 500 at HQ can be a drop-in mode deployment with a LAN static route pointing to the outside IP of the CheckPoint for its internal LAN. The CheckPoint keeps its existing default gateway but has NAT exemption policies for both source and destination networks of the branch office LAN.

The CheckPoint could still provide access to the internal LAN for roaming users and the MediaFast can provide redundancy if there are multiple WAN connections.


Can Mediafast 500 at HO be in NAT mode doing NAT/route and VPN while the CheckPoint firewall be in bridge or transparent mode?



You can certainly deploy the MediaFast 500 at HQ in NAT mode along with the CheckPoint firewall in bridge or transparent mode. Remote users can use the MediaFast 500 to access the internal LAN via L2TP with IPsec and no special VPN client software is needed for this scenario.