Redirect branches traffic to firewall behind Balance 580

Hi everyone,

We have PEPLINK+CHECK POINT at the HQ 580 is agregating 2xISP, Check Point behind the 580 for FW/inspection trafic IN/OUT of the HQ LAN.
We would like implement Check Point inspection for branches traffic (1xISP + 1xLTE, PEPVPN) before allowing the branch data flow go to Internet as you can see in the picture below.
Can we re-route the internet traffic from Remote site to the checkpoint for inspection before send it to internet ?

Yes you can. Send all traffic from the remote site over the bonded VPN. Set an outbound policy on the B580 to send all traffic from that remote subnet out via WAN5 on the B580.

Connect the B580 WAN 5 to the LAN of your check point, either on the same VLAN (192.168.0.0/24) or create a new one for this purpose (which would be cleaner I think).

2 Likes

Thanks @MartinLangmaid

I will try this

@rudy remember to change your outbound policy on the B580 so that WAN5 is not used for internet access.

2 Likes