site to site ipsec between F5 and CHECKPOINT

Question

i went to configure site to site IPSEC VPN between BIG IP and checkpoint firewall please help me and share document&nbsp;

psilva · Answer

This might help:&nbsp;
Configuring IPsec between a BIG-IP System and a Third-Party Device&nbsp;
https://support.f5.com/kb/en-us/products/big-ip_ltm/manuals/product/tmos-implementations-11-4-0/19.html&nbsp;
and&nbsp;
https://support.f5.com/kb/en-us/products/big-ip_ltm/manuals/product/bigip-ipsec-interop-matrix.html&nbsp;
ps&nbsp;

niels_van_sluis · Answer

I can confirm that it's possible to create an IPSEC tunnel between a F5-BIG-IP and a Check Point firewall. I've been testing this in my lab with R80.10 and it's working. I've noticed that it is key to use PFS in Phase 2. Without PFS in Phase 2 it didn't work. Here are some settings I tried:
Phase 1:
SHA-1/AES-128 + DH Group 2 works!
SHA-256/AES-256 + DH Group 2 works!

Phase 2:
SHA-1/3DES + MODP1024 works!
SHA-1/AES-128 + MODP1024 works!
SHA-1/AES-256 + MODP1024 works! 
SHA-256/AES-256 + MODP1024 works!

Forum Discussion

site to site ipsec between F5 and CHECKPOINT

2 Replies

AppWorld Berlin iRules Contest!

F5 AppWorld 2026 Las Vegas - iRules Contest Winners!

Recent Discussions

VIP control across data centers - how to ensure only 1 VIP is up at a time?

FQDN Node Configuration

Logical Disk Full to Migrate rSeries

Priority Group Activation is not working

Changes to DO and AS3 GitHub - no longer monitored

Related Content

Understanding IPSec IKEv2 negotiation on Wireshark

Understanding IPSec IKEv1 negotiation on Wireshark

Integrating SSL Orchestrator with CheckPoint Firewall VM-Explicit Proxy

Integrating SSL Orchestrator with CheckPoint Firewall VM-Bridge Mode (L2)

Integrating SSL Orchestrator with CheckPoint Firewall VM-Transparent Proxy